Briefly mentioned during the WWDC event, Apple has introduced Rapid Security Response. The new feature allows the application of security updates outside of iOS version updates.
Rapid Security Response Now Available in iOS 16 Developer Beta
Developer beta testers of iOS 16 have noticed Rapid Security Response, so this means Apple will most likely make this feature available in the final release of iOS 16. The feature can be found in Settings > General > Software Update > Automatic Updates. The description under Install System and Data Files suggests that Apple will automatically push security patches by default. It also suggests that iPhone users don’t need to reboot the phone for the updates to take effect.
Once rolled out, Apple will also benefit from the Rapid Security Response feature. It will allow the iPhone maker to issue security fixes without having to issue minor version releases. It also means that users won’t need to be aware of potential bugs and wait for Apple to release security fixes. Currently, users need to wait for minor releases of iOS to fix known system bugs or issues.
Additionally, Apple will introduce Rapid Security Response to Macs. The product preview page for macOS Ventura lists the feature under security.
Rapid Security Response
Get important security improvements to your devices even faster. This isn’t a standard software update. These improvements can be applied automatically between normal updates — without a restart.
New Security Feature Will Help Secure iOS and macOS Devices
The new feature will also help secure iOS and macOS devices against cybersecurity attacks and vulnerabilities. Apple will be able to issue patches as quickly as possible. This also means that the Cupertino-based company will no longer have to rely on users to download and install security fixes. Hence, the feature will make security fixes even more effective.
Other security features that Apple introduced across iOS 16 include Safety Check, a default lock for hidden and recently deleted photos, and Face ID support for landscape mode. The Safety Check feature removes data access from abusers.
Apple should allow to manually install security updates in macOS. You cannot do it now if automatic updates are turned off. You must use SilentKnight for it, but not all users know such application.
That is a serious security problem of macOS. Automatic updates are not good because sometimes they may break the Mac. I want to do manual updates, and if something goes wrong, troubleshooting will be easier.
Arnold:
Apple have indeed been busy on the security front. The Rapid Security Response (RSR) is noteworthy, not simply for its methodology and timeliness, but for its stealth – the concealing of Apple’s awareness of a threat from the perpetrator and the implementation of their countermeasure.
@Mike Weasner:
Though not personally affected, I recall hearing grumblings. I don’t know how real or widespread this was. No doubt, Apple have learnt a thing or two about pushing updates since then, and have far more capable arsenals at hand to do so, including the recipient end-user systems. I think this is a necessary and timely step forward.
Security updates are a good thing. I just don’t know if completely automatic updates are a good idea given the potential unreliability of some Internet connections. When I was using geo-sync satellite Internet, weather and long latency created all sorts of difficulties with software downloads. And living where strong thunderstorms are a frequent occurrence, I really don’t want automatic downloads happening when there could be a power failure due to nearby lightning strikes. (Yes, I have several UPSes supplying power to my network gear and desktop computers. But they don’t last in really long outages.) Maybe Apple is checking my local weather before forcing an automatic update on my computers and devices. The Telsa Powerwall “knows” when power outages are possible due to nearby storms and stops discharging and charges the Powerwall in anticipation of being needed. And of course, if Apple did everything right, there would be no need for them to ever release an urgent x.1.1 update to fix a problem they or their users discovered in x.1. Yet, that still happens.
The real danger of any automatic update, at least so far as your power grid concerns go, would be losing power during a restart, yes? The RSR updates won’t require a restart, so this shouldn’t be a problem. On a Mac without battery power, the OS will recognize the update didn’t finish, and kick it off again.
Does anyone still at Apple remember the Mac OS update fiasco that deleted the Ethernet driver many years ago? I wonder what Apple has in place to NEVER EVER break functionality of a Mac, iPhone, iPad, AppleTV, HomePod, Studio Display, AirPod, AirTag, etc.
Excellent question. I think in this case, it would be more extensive testing than happened years ago. Also, these sort of updates would be security fixes, mainly, which shouldn’t ever need to delete something that would cripple a device.
Since most of Apple’s developers are human beings, I suspect that mistakes will be made as they have been made in the past. Once they rollout an automatic update that breaks something, if serious enough then I can imagine a device being bricked. I bet most technical support people still recommend waiting a day or two after a release before doing the update. As to these just being “security” updates that are being forced on the user (for now), what if the update breaks security or even totally locks the device down so the user can’t use it? Can’t happen? I hope not, but, like I said, most of Apple’s developers are human and humans make mistakes.
They aren’t being “forced” on users, though. Don’t want the update automatically installed? Turn off Automatic Updates, or even just that one option for “Install System and Data Files.” That way, you can do your updates manually, as you wish.
It’s also worth noting that Automatic Updates often don’t happen until a week or two after the update has been released. Apple has previously pointed out that initially, only those who go into Software Update right after the update seeds will get it. Apple waits a bit before pushing it through to those who don’t poll for the update manually.
Check out this article, in which Craig Federighi explains:
If using TouchID on the Mac, the auto security updates needs to be turned on. As to a staggered rollout of auto-security updates, someone will be the first to get bricked. Maybe TMO staff can volunteer for that honor.
I’m always willing to take the risk LOL