Why you should use Apple’s Rapid Security Response
how-to
Mar 08, 20235 mins
AppleMobile Device ManagementSecurity
A new Apple feature called Rapid Security Response is aimed at bolstering security for iPhone, iPad and Mac users. Here's what it does and why you should use it.
Mac, iPad, and iPhone users can choose to automatically install system security patches as they are released with a new Apple feature called Rapid Security Response.
Rapid Security Response aims to secure Apple’s platforms with automated security updates. The idea is that if every user automatically installs such patches, the entire ecosystem becomes inherently more secure.
Announced last year at WWDC 2022, Apple began testing the feature in October. During beta testing, it shared four content-free downloads to test its distribution system, including one recent test in March. While the feature can be enabled on devices running the latest operating system, as of this month Apple had not yet begun to ship genuine security patches.
What problem does Rapid Security Response solve?
Traditionally, Apple has distributed security patches within iOS, iPadOS, or macOS software updates. This is effective, but not every user updates their systems in a timely fashion, in part because full software updates take a while.
Making it possible to automatically download and install smaller security patches as they are published makes for faster distribution and means users don’t need to install a complete OS upgrade to stay secure.
In essence, Rapid Security Response makes maintaining device security much simpler and less disruptive for all parties, while also keeping the ecosystem a bit more secure.
How Apple explains Rapid Security Response
Apple explains that the system will, “automatically install rapid security responses and system files for iPhone and supported accessories,” adding, “some system files will always be installed automatically, even if Security Responses & System Files is turned off.
“Rapid Security Responses that involve the operating system require the device to restart. Rapid Security Responses that involve Safari require the user to quit the app,” it adds in an explanatory note on its tech support site.
How does Rapid Security Response work?
You’ll find Rapid Security Response as an option in Settings.
In iOS, open General>Software Update and tap Automatic Updates. You’ll see the new Security Responses & System Files item listed there.
On Macs, open System Settings>General>Software Update and tap the “I” button situated by Automatic Updates. You can then define which updates you want downloaded, including Security Response.
When you toggle the feature to on, it will monitor for available security patches and if one is published, it will download it.
Once the system has downloaded the security patch, you’ll be prompted to install it and restart your device. The system is also capable of sharing important Safari security updates.
Can you delete Rapid Security Responses before they are installed?
It’s possible to delete downloaded Security Response files updates before you install them, though this is not generally recommended as they may contain essential fixes for your device.
To delete them, open General>About>iOS Version where you can check and remove the uninstalled software, or, if using a Mac, open System Settings>General>About, tap the “I” button and remove the install.
The only real reason to delete these updates is in the event existing apps are incompatible with the patch. Apple also has a system of alerts that will tell users if it identifies a problem with one of these rapid security updates, enabling their removal.
What about enterprise users?
If you run a fleet of devices, Apple has created APIs that device management vendors can use to give admins control of this feature, including the capacity to remotely enable or disable it.
Administrators can disable the feature, verify whether a software patch is installed, enable the feature, or even block user removal of these updates. Most businesses already accelerate installation of important security patches, but those that can’t use their choice of MDM provider to manage this.
Why use Rapid Security Response?
Maintaining device security is emerging as one of the biggest challenges we face in 2023. As nation-state rivalries intensify, it’s reasonable to expect increased attempts to penetrate platform security; as Jamf recently warned, 21% of employee devices are misconfigured, which includes not having the latest security patch installed.
To preserve that sanctity, Apple wants to get to a position from which it can expedite security patch distribution without requiring vast chunks of time or attention from its customers. It also wants to find a more elegant way to swiftly distribute emergency responses.
It’s just good practice. As Jamf’s Michael Covington, vice president of portfolio strategy, recently noted: “Users should be part of the security solution, and that includes actioning updates to the operating system or applications in a timely fashion, when prompted.”
Rapid Security Response means we should all get security patches in a timelier fashion, and installations should take much less time. It should also provide a swift remedial path for platform-level mitigations against newly identified vulnerabilities.
What’s next for Rapid Security Response?
There is speculation Apple will embrace a monthly security software update release cycle that uses Rapid Security Response to harden security across all of its platforms.
It is also interesting that Apple can upgrade Safari with this feature, as it hints that at some point application developers will also be able to automate important security patches for their products, though this hasn’t yet been discussed.
Hello, and thanks for dropping in. I'm pleased to meet you. I'm Jonny Evans, and I've been writing (mainly about Apple) since 1999. These days I write my daily AppleHolic blog at Computerworld.com, where I explore Apple's growing identity in the enterprise. You can also keep up with my work at AppleMust, and follow me on Mastodon, LinkedIn and (maybe) Twitter.