When it announced iOS 16, iPadOS 16, and macOS Ventura at its Worldwide Developers Conference last summer, one of the features Apple introduced was something called “Rapid Security Response.” This feature is intended to enable faster and more frequent security patches for Apple’s latest operating systems, particularly for WebKit-related flaws affecting Safari and other apps that use Apple’s built-in browser engine.
Almost a year after WWDC and more than seven months after the release of iOS 16 in September, Apple has finally released a security response flash update. The update is available for iOS and iPadOS devices running 16.4.1 or Macs running 13.3.1, and the update adds (a) to your OS version to indicate that it’s installed.
At this point, it’s not clear if Apple intends to release more information about the specific bugs that are fixed by this security response update; The support page linked in the update is just a general description of Rapid Security Response updates and how they work, and Apple’s Security Updates page hasn’t been updated with more information as of this writing.
Apple has released several rapid security response updates to iOS and macOS beta users before now, including during the iOS 16.4 beta phase, but it hasn’t released one to the public until today. It is possible that the updates released to beta users were simply testing the update mechanism rather than applying useful security patches.
As detailed in our macOS Ventura review, Rapid Security Response required significant changes to how encrypted and sealed system volumes in iOS and macOS normally operate. In previous OS versions, all system files were on a signed system volume (SSV), and any change to the files required mounting the entire system volume as a snapshot, patching it, reclosing it, and then mounting it the next time the machine was restarted.
This setting protects system files from tampering, but the downsides are increased update download sizes, longer update times, and mandatory restarts, something users often put off to avoid interrupting what they’re trying to use their PC for. iOS 16 and macOS Ventura updates move some system files out of SSV into encrypted but smaller, more fragmented SSV extensions. These “cryptocurrencies” can be updated without modifying the main SSV.
Rapid Security Response updates won’t always come without reboots—today’s update requires a reboot of the M1 MacBook Air and iPhone 13 Pro—but these updates had smaller file sizes and significantly shorter install times than the 16.4.1 and 13.3.1 updates provided by Apple. Released earlier this month. The iOS 16.4.1(a) update was only 85.7MB on my phone, while the 16.4.1 update was several hundred MB (this will vary from device to device).
Rapid Security Response updates can be disabled in Settings without modifying your settings for downloading and installing other types of iOS and macOS updates. Updates can also be removed after installation.
Today’s update initially threw an error message to people who tried to install it, but as of this story’s publication, it appears that Apple has fixed the problem.