Why you should use Apple’s Rapid Security Response

Mac, iPad, and iPhone users can choose to automatically install system security patches as they are released with a new Apple feature called Rapid Security Response.

Rapid Security Response aims to secure Apple’s platforms with automated security updates. The idea is that if every user automatically installs such patches, the entire ecosystem becomes inherently more secure.

Announced last year at WWDC 2022, Apple began testing the feature in October. During beta testing, it shared four content-free downloads to test its distribution system, including one recent test in March. While the feature can be enabled on devices running the latest operating system, as of this month Apple had not yet begun to ship genuine security patches.

Traditionally, Apple has distributed security patches within iOS, iPadOS, or macOS software updates. This is effective, but not every user updates their systems in a timely fashion, in part because full software updates take a while.

Making it possible to automatically download and install smaller security patches as they are published makes for faster distribution and means users don’t need to install a complete OS upgrade to stay secure.

In essence, Rapid Security Response makes maintaining device security much simpler and less disruptive for all parties, while also keeping the ecosystem a bit more secure.

Apple explains that the system will, “automatically install rapid security responses and system files for iPhone and supported accessories,” adding, “some system files will always be installed automatically, even if Security Responses & System Files is turned off.

“Rapid Security Responses that involve the operating system require the device to restart. Rapid Security Responses that involve Safari require the user to quit the app,” it adds in an explanatory note on its tech support site.

You’ll find Rapid Security Response as an option in Settings.

In iOS, open General>Software Update and tap Automatic Updates. You’ll see the new Security Responses & System Files item listed there.

On Macs, open System Settings>General>Software Update and tap the “I” button situated by Automatic Updates. You can then define which updates you want downloaded, including Security Response.

When you toggle the feature to on, it will monitor for available security patches and if one is published, it will download it.

Once the system has downloaded the security patch, you’ll be prompted to install it and restart your device. The system is also capable of sharing important Safari security updates.

It’s possible to delete downloaded Security Response files updates before you install them, though this is not generally recommended as they may contain essential fixes for your device.

To delete them, open General>About>iOS Version where you can check and remove the uninstalled software, or, if using a Mac, open System Settings>General>About, tap the “I” button and remove the install.

The only real reason to delete these updates is in the event existing apps are incompatible with the patch. Apple also has a system of alerts that will tell users if it identifies a problem with one of these rapid security updates, enabling their removal.

If you run a fleet of devices, Apple has created APIs that device management vendors can use to give admins control of this feature, including the capacity to remotely enable or disable it.

Administrators can disable the feature, verify whether a software patch is installed, enable the feature, or even block user removal of these updates. Most businesses already accelerate installation of important security patches, but those that can’t use their choice of MDM provider to manage this.

Maintaining device security is emerging as one of the biggest challenges we face in 2023. As nation-state rivalries intensify, it’s reasonable to expect increased attempts to penetrate platform security; as Jamf recently warned, 21% of employee devices are misconfigured, which includes not having the latest security patch installed.

To preserve that sanctity, Apple wants to get to a position from which it can expedite security patch distribution without requiring vast chunks of time or attention from its customers. It also wants to find a more elegant way to swiftly distribute emergency responses.

It’s just good practice. As Jamf’s Michael Covington, vice president of portfolio strategy, recently noted: “Users should be part of the security solution, and that includes actioning updates to the operating system or applications in a timely fashion, when prompted.”

Rapid Security Response means we should all get security patches in a timelier fashion, and installations should take much less time. It should also provide a swift remedial path for platform-level mitigations against newly identified vulnerabilities.

There is speculation Apple will embrace a monthly security software update release cycle that uses Rapid Security Response to harden security across all of its platforms.

It is also interesting that Apple can upgrade Safari with this feature, as it hints that at some point application developers will also be able to automate important security patches for their products, though this hasn’t yet been discussed.

Apple is now expected to begin using the service after iOS 16.4 is introduced in the next week or so.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.