Rapid Security Responses on Apple devices
Rapid Security Responses are a new type of software release for applying security fixes to users more frequently by not requiring a full software update. These responses are included in any ensuing minor update (not upgrade) and, on a Mac, applied content appears on the Preboot volume (through symbolic links in /System/Cryptexes/).
Rapid Security Responses that involve the operating system require the device to restart. For Mac computers, the applied operating system content may be made available to Safari and its associated processes with just a relaunch of those processes, though a restart is required to make this content broadly available to the rest of the operating system.
Rapid Security Responses also don’t adhere to the managed software update delay; however, because they apply only to the latest minor operating system version, if that minor operating system update is delayed, the response is also effectively delayed. If necessary, the user can also remove the responses.
When applying an RSR to a Mac laptop, the Mac must be connected to power or have the minimum battery percentages.
Mac laptop type | Minimum battery percentage required |
---|---|
Mac with Apple silicon | 10% |
Intel-based Mac | 20% |
Rapid Security Responses and MDM
MDM solutions can use the following restriction keys on supervised iPhone, iPad, and Mac devices:
allowRapidSecurityResponseInstallation: To disable the responses from being applied.
allowRapidSecurityResponseRemoval: To block the user from being able to remove the responses.
Note: On Mac computers, a profile containing these restrictions can also be installed by a local administrator.
To automatically apply the responses and prompt the user to restart (if required):
On iPhone and iPad: Turn on the “Security Responses & System Files” option for Software Update in Settings > General.
On Mac: Turn on “Install Security Responses & System Files” in the Advanced option of Software Update in System Settings > General, or set
CriticalUpdateInstall
to true using an MDM solution.
If a device is on the latest operating system and a Rapid Security Response is available, AvailableOSUpdates
returns the response. An MDM command must be sent to the device with the ProductKey
to apply the Rapid Security Response remotely. Note that an MDM solution can apply the response to devices only on the latest minor version.
MDM solutions can also report on Rapid Security Responses with the SupplementalBuildVersion
and SupplementalOSVersionExtra
keys in DeviceInfo
and the AvailableOSUpdate
queries.
Rapid Security Response versioning
Each Rapid Security Response is versioned relative to its base operating system version, starting with “a,” then “b,” and so on. Within a line of Rapid Security Responses, successive ones always include the changes from previous ones. Subsequent minor operating system updates include the content from all the Rapid Security Responses that were issued for the previous operating system version. The table below shows an example of how minor operating system updates affect Rapid Security Responses.
Note: These are examples and not to be considered actual Rapid Security Response versions.
Operating system version installed | Rapid Security Response version examples | Description |
---|---|---|
iOS 16.2 macOS 13.1 | a b | Two Rapid Security Responses (“a” and “b”) were available. |
iOS 16.3 macOS 13.2 | a b c | Three Rapid Security Responses (“a”, “b”, and “c)” were available. iOS 16.3 and macOS 13.2 include the content from the two RSRs available for iOS 16.2 and macOS 13.1. |
iOS 16.4 macOS 13.3 | a | One Rapid Security Response (“a”) was available. iOS 16.4 and macOS 13.3 include the content from the three RSRs available for iOS 16.3 and macOS 13.2. |
DeviceInfo example
The content emphasized is the additional Rapid Security Response information.
OSVersion = "13.1";
BuildVersion = 22A100;
SupplementalBuildVersion = 22A771000a;
SupplementalOSVersionExtra = "(a)";
AvailableOSUpdate example
The content emphasized is the additional Rapid Security Response information.
<key>Build</key>
<string>22A100a</string>
<key>DownloadSize</key>
<integer>558432785</integer>
<key>HumanReadableName</key>
<string>macOS Security Response 13.1 (a)</string>
<key>HumanReadableNameLocale</key>
<string>en-US</string>
<key>IsConfigDataUpdate</key>
<false/>
<key>IsCritical</key>
<false/>
<key>IsFirmwareUpdate</key>
<false/>
<key>ProductKey</key>
<string>MSU_UPDATE_22A771000a_patch_13.1_rsr</string>
<key>RequiresBootstrapToken</key>
<true/>
<key>RestartRequired</key>
<true/>
<key>Version</key>
<string>13.1</string>
<key>IsSecurityResponse</key>
<true/>
<key>SupplementalBuildVersion</key>
<string>22A771000a</string>
<key>SupplementalOSVersionExtra</key>
<string>(a)</string>