Why you should use Apple’s Rapid Security Response
Mac,
iPad,
and
iPhone
users
can
choose
to
automatically
install
system
security
patches
as
they
are
released
with
a
new
Apple
feature
called
Rapid
Security
Response.
Mac,
iPad,
and
iPhone
users
can
choose
to
automatically
install
system
security
patches
as
they
are
released
with
a
new
Apple
feature
called
Rapid
Security
Response.
Rapid
Security
Response
aims
to
secure
Apple’s
platforms
with
automated
security
updates.
The
idea
is
that
if
every
user
automatically
installs
such
patches,
the
entire
ecosystem
becomes
inherently
more
secure.
Announced
last
year
at
WWDC
2022,
Apple
began
testing
the
feature
in
October.
During
beta
testing,
it
shared
four
content-free
downloads
to
test
its
distribution
system,
including
one
recent
test in
March.
While
the
feature
can
be
enabled
on
devices
running
the
latest
operating
system,
as
of
this
month
Apple
had
not
yet
begun
to
ship
genuine
security
patches.
What
problem
does
Rapid
Security
Response
solve?
Traditionally,
Apple
has
distributed
security
patches
within
iOS,
iPadOS,
or
macOS
software
updates.
This
is
effective,
but
not
every
user
updates
their
systems
in
a
timely
fashion,
in
part
because
full
software
updates
take
a
while.
Making
it
possible
to
automatically
download
and
install
smaller
security
patches
as
they
are
published
makes
for
faster
distribution
and
means
users
don’t
need
to
install
a
complete
OS
upgrade
to
stay
secure.
In
essence,
Rapid
Security
Response
makes
maintaining
device
security
much
simpler
and
less
disruptive
for
all
parties,
while
also
keeping
the
ecosystem
a
bit
more
secure.
How
Apple
explains
Rapid
Security
Response
Apple
explains
that
the
system
will,
“automatically
install
rapid
security
responses
and
system
files
for
iPhone
and
supported
accessories,”
adding,
“some
system
files
will
always
be
installed
automatically,
even
if
Security
Responses
&
System
Files
is
turned
off.
“Rapid
Security
Responses
that
involve
the
operating
system
require
the
device
to
restart.
Rapid
Security
Responses
that
involve
Safari
require
the
user
to
quit
the
app,”
it
adds
in
an
explanatory
note
on
its
tech
support
site.
How
does
Rapid
Security
Response
work?
You’ll
find
Rapid
Security
Response
as
an
option
in
Settings.
In
iOS,
open
General>Software
Update
and
tap
Automatic
Updates.
You’ll
see
the
new
Security
Responses
&
System
Files
item
listed
there.
On
Macs,
open
System
Settings>General>Software
Update
and
tap
the
“I”
button
situated
by
Automatic
Updates.
You
can
then
define
which
updates
you
want
downloaded,
including
Security
Response.
When
you
toggle
the
feature
to
on,
it
will
monitor
for
available
security
patches
and
if
one
is
published,
it
will
download
it.
Once
the
system
has
downloaded
the
security
patch,
you’ll
be
prompted
to
install
it
and
restart
your
device.
The
system
is
also
capable
of
sharing
important
Safari
security
updates.
Can
you
delete
Rapid
Security
Responses
before
they
are
installed?
It’s
possible
to
delete
downloaded
Security
Response
files
updates
before
you
install
them,
though
this
is
not
generally
recommended
as
they
may
contain
essential
fixes
for
your
device.
To
delete
them,
open
General>About>iOS
Version
where
you
can
check
and
remove
the
uninstalled
software,
or,
if
using
a
Mac,
open
System
Settings>General>About,
tap
the
“I”
button
and
remove
the
install.
The
only
real
reason
to
delete
these
updates
is
in
the
event
existing
apps
are
incompatible
with
the
patch.
Apple
also
has
a
system
of
alerts
that
will
tell
users
if
it
identifies
a
problem
with
one
of
these
rapid
security
updates,
enabling
their
removal.
What
about
enterprise
users?
If
you
run
a
fleet
of
devices,
Apple
has
created
APIs
that
device
management
vendors
can
use
to
give
admins
control
of
this
feature,
including
the
capacity
to
remotely
enable
or
disable
it.
Administrators
can
disable
the
feature,
verify
whether
a
software
patch
is
installed,
enable
the
feature,
or
even
block
user
removal
of
these
updates.
Most
businesses
already
accelerate
installation
of
important
security
patches,
but
those
that
can’t
use
their
choice
of
MDM
provider
to
manage
this.
Why
use
Rapid
Security
Response?
Maintaining
device
security
is
emerging
as
one
of
the
biggest
challenges
we
face
in
2023.
As
nation-state
rivalries
intensify,
it’s
reasonable
to
expect
increased
attempts
to
penetrate
platform
security;
as
Jamf
recently
warned,
21%
of
employee
devices
are
misconfigured,
which
includes
not
having
the
latest
security
patch
installed.
To
preserve
that
sanctity,
Apple
wants
to
get
to
a
position
from
which
it
can
expedite
security
patch
distribution
without
requiring
vast
chunks
of
time
or
attention
from
its
customers.
It
also
wants
to
find
a
more
elegant
way
to
swiftly
distribute
emergency
responses.
It’s
just
good
practice.
As
Jamf’s
Michael
Covington,
vice
president
of
portfolio
strategy, recently
noted: “Users
should
be
part
of
the
security
solution,
and
that
includes
actioning
updates
to
the
operating
system
or
applications
in
a
timely
fashion,
when
prompted.”
Rapid
Security
Response
means
we
should
all
get
security
patches
in
a
timelier
fashion,
and
installations
should
take
much
less
time.
It
should
also
provide
a
swift
remedial
path
for
platform-level
mitigations
against
newly
identified
vulnerabilities.
What’s
next
for
Rapid
Security
Response?
There
is
speculation
Apple
will
embrace
a
monthly
security
software
update
release
cycle
that
uses
Rapid
Security
Response
to
harden
security
across
all
of
its
platforms.
It
is
also
interesting
that
Apple
can
upgrade
Safari
with
this
feature,
as
it
hints
that
at
some
point
application
developers
will
also
be
able
to
automate
important
security
patches
for
their
products,
though
this
hasn’t
yet
been
discussed.
Apple
is
now
expected
to
begin
using
the
service
after
iOS
16.4
is
introduced
in
the
next
week
or
so.
Please
follow
me
on Twitter,
or
join
me
in
the AppleHolic’s
bar
&
grill and Apple
Discussions groups
on
MeWe.
About Author
