Last summer, during its Worldwide Developers Conference, Apple announced a new security feature called “Rapid Security Response” for its latest operating systems, including iOS 16, iPadOS 16, and macOS Ventura. The feature is designed to facilitate faster and more frequent security patches for Apple’s operating systems, particularly for vulnerabilities related to WebKit that affect Safari and other applications that use the built-in browser engine.
Apple implements Rapid Security Response for iOS and macOS
Over seven months after the release of iOS 16 and nearly a year after WWDC, Apple has finally released the much-anticipated Rapid Security Response update. The update is now available for iOS and iPadOS devices running version 16.4.1 or Macs running version 13.3.1. Once installed, the update adds an “a” to the OS version to indicate that it has been applied. This update is expected to enhance the security of Apple’s operating systems and improve protection against vulnerabilities related to WebKit.
Currently, it is unclear whether Apple plans to provide further details regarding the specific bugs addressed by the Rapid Security Response update. The support page linked to in the update only provides a general overview of the update’s functionality, and as of this writing, Apple’s Security Updates page has not been updated with additional information.
While Apple has previously issued several Rapid Security Response updates to beta users of iOS and macOS, including during the beta phase of iOS 16.4, this marks the first public release of such an update. It remains uncertain whether the updates issued to beta users were intended to test the update mechanism or whether they contained significant security patches.
To enable the Rapid Security Response feature, Apple had to make significant changes to how encrypted, sealed system volumes function in iOS and macOS. In earlier versions of the operating systems, all system files were located on a signed system volume (SSV), and any modification to these files required the entire system volume to be loaded as a snapshot, patched, resealed, and then loaded again after the device rebooted.
While this system was effective in protecting system files from tampering, it had drawbacks such as larger update download sizes, longer update times, and mandatory reboots that users would often defer to avoid interrupting their work. With iOS 16 and macOS Ventura updates, some system files have been moved outside of the SSV into smaller and more compartmentalized extensions of the SSV, known as “cryptexes.” These cryptexes are still encrypted and can be updated without altering the primary SSV. This change allows Apple to provide more frequent and smaller security updates, which can be installed quickly without interrupting users’ work.
It is important to note that Rapid Security Response updates may still require reboots, although they typically have smaller file sizes and shorter installation times than traditional updates. For instance, today’s update required a reboot for both my M1 MacBook Air and iPhone 13 Pro, but it had a significantly smaller file size and faster installation time compared to the 16.4.1 and 13.3.1 updates that Apple released earlier this month. The iOS 16.4.1 (a) update was only 85.7MB on my phone, while the 16.4.1 update was several hundred MB, although this can vary from device to device.
For users who wish to disable Rapid Security Response updates, this can be done in Settings without affecting the download and installation of other types of iOS and macOS updates. Additionally, post-installation, the updates can also be removed if necessary.
At the time of initial release, some users encountered an error message when attempting to install the update. However, as of the publication of this story, it appears that Apple has addressed and resolved the issue.