Apple just used its new Rapid Security Response system for the first time in a regular public release – all previous RSR patches were for iOS/macOS beta testing.
The patch comes as an update for those running iOS or iPadOS 16.4.1 or macOS 13.3.1. There are no release notes for this update, Apple only provides the standard description: “This Rapid Security Response contains important security fixes and is recommended for all users.”
Apple describes the new Rapid Security Response system as follows:
Rapid Security Responses is a new type of software release for iPhone, iPad, and Mac. They provide important security improvements between software updates, such as improvements to the Safari web browser, the WebKit framework stack, or other important system libraries. They can also be used to resolve certain security issues more quickly, such as issues that may have been exploited or reported to exist “in the wild”.
The new security quick responses are only provided for the latest versions of iOS, iPadOS, and macOS, starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1.
There is currently no list of specific fixes for this RSR on the Apple Security Updates page yet. We will update this story as more details about the update become available. It’s unclear if Apple will be ditching security patches tied to point updates, or if these RSR updates are for quicker, emergency-style fixes.
If you want to receive these updates, go to Settings (System Preferences in macOS) > General > Software updates > Automatic updates and make sure you have “Security Answers and System Files” enabled. They are reported to be rolled out in a couple of days, so your device may not receive the update immediately, or you may experience problems installing it. These fixes will eventually be included in the next version of iOS/iPadOS/macOS, but this may take some time and leave your device vulnerable in the meantime.
This new system was intended for Apple to quickly update critical system components without updating the entire iOS, which can include built-in app updates and requires much more testing before release.