Apple just used its new security rapid response system for the first time in a regular public release – all previous RSR patches were for iOS/macOS beta testing purposes.
The patch comes as an update for those using iOS, iPadOS 16.4.1, or macOS 13.3.1. There are no release notes for this update, Apple only gives the standard description: “This quick security response provides important security fixes and is recommended for all users.” The update is 85.2MB compared to nearly 2GB for iOS 16.4.1.
As Apple explains, the new rapid security response system will allow vulnerabilities to be patched without having to wait for weeks of larger releases to test:
Quick Security Responses is a new type of software release for iPhone, iPad and Mac. They deliver important security improvements between software updates – for example, improvements to the Safari web browser, WebKit framework stack, or other critical system libraries. They can also be used to more quickly mitigate certain security issues, such as issues that may have been exploited or reported to be “in the wild”.
New security quick responses are offered only for the latest version of iOS, iPadOS, and macOS — starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1.
Currently, Apple’s Security Updates page does not yet list specific fixes for this RSR. We’ll update this story as more details become available about the update, though Apple likely won’t release patches until iOS 16.5 arrives. It’s not clear if Apple will move away from security fixes associated with point updates or if these RSR updates are for faster emergency-style fixes.
If you want to make sure you receive these updates, go to Settings (system settings on macOS)> general > Program updates > Automatic updates Make sure that Security Responses and System Files are enabled. They are said to be rolled over two days, so your device may not receive the update right away or there may be problems installing it. These fixes will eventually be included in the next version of iOS/iPadOS/macOS, but it may take some time and leave your device vulnerable in the meantime.
This new system was supposed to be a way for Apple to quickly update critical system components without updating all of iOS, which can include updates to built-in apps and requires a lot of testing before release.