What Are Rapid Security Responses and Why Are They Important?

ace · May 2, 2023, 10:32pm

Originally published at: What Are Rapid Security Responses and Why Are They Important? - TidBITS

Apple has released the first Rapid Security Responses to iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1. Adam Engst explains what a Rapid Security Response is and why they should have significantly faster adoption than traditional updates.

aforkosh · May 2, 2023, 11:17pm

The MacOS RSR required restarts on both my M1 Macs.

chengengaun · May 3, 2023, 1:16am

Mine requires restart too, updating from macOS 13.3.1.

_carlos · May 3, 2023, 3:40am

Why do you think it took a whopping 13 minutes on the 10.5-inch iPad Pro? That seems rather unusual.

alvarnell · May 3, 2023, 4:50am

Apple has a goal of not requiring RSR’s to require a restart, but if the patches involve a process that loads during boot or login, then a restart is required.

Since most security vulnerabilities do involve such background processes, I expect the majority of RSRs will continue to require restart.

alvarnell · May 3, 2023, 4:51am

Since this is the first RSR delivered to the public, and first to require a restart, I find it difficult to judge whether 13 minutes is unusual or not.

ace · May 3, 2023, 6:38pm

I’m guessing that this sentence in the article triggered your comment, @aforkosh.

This batch of updates did require restarts, and in iOS and iPadOS (but not macOS), Apple posted a notification on the next restart.

What I was trying to point out was that although all operating systems had to restart, the notification appeared only in iOS and iPadOS. I’ll recast that sentence for clarity.

My assumption is that it’s a much, much slower device than my iPhone 14 Pro, and I suspect there’s some serious CPU work involved with all the cryptographic details. All the other machines were 4 minutes or less.

cgwaters · May 7, 2023, 2:28pm

My MBP installed the update and then restarted without prompting – or if a prompt was supplied, it apparently restarted after a timeout period had expired. Is that normal? If so, I’m not a fan … and it has me seriously considering disabling the automatic installation of security responses.

alvarnell · May 7, 2023, 10:54pm

Automatic restarting after any macOS installation that requires it always takes place. Future RSRs may or may not require a restart, depending on whether running background processes get patched or not.

I’m unaware of a separate choice to only automatically install RSRs

cgwaters · May 7, 2023, 11:41pm

Interesting; thanks. Then I guess I’m confused by why macOS updates are being automatically installed. I had been used to simply being informed that updates are available … and then manually installing them. Software Update > Automatic update > “Install macOS updates” is enabled. I wonder if Ventura or a subsequent update enabled that. In any case, it’s now disabled.

Coincidentally, I was going to start a separate thread about what might be causing my MBP to unexpectedly restart. It’s done so, seemingly with increasing frequency, a few times over the past few months, well prior to the release of last week’s RSR. I figured there was something amiss on my system and was/is wondering how to troubleshoot it. Perhaps reinstall the OS … or even perform a factory reset and then restore from backup – something I have no experience with on macOS.

cgwaters · May 7, 2023, 11:41pm

On the Software Update > Automatic update window, there is an option to “Install Security Responses and system files”. I’ve disabled it, for the time being. I monitor macOS news daily, from many sources, so will know when the next one is released – and can plan accordingly.

alvarnell · May 8, 2023, 5:05am

Sorry, but since I haven’t tried Ventura yet, I didn’t realize those preference options had changed.

I will caution that the same option does control the installation of System files, which can only be accomplished in the background once every 24 hours. That includes XProtect Payloads files (XProtect Remediator) and other database updates that aren’t announced by Apple nor widely publicizedd on rumor sites. You won’t be able to install those updates without using a Terminal command or a utility like SilentKnight/LockRattler to trigger background update checks since they don’t ever show up in Software Updates.

jzw · May 8, 2023, 10:31am

You’re in luck… TidBITS comes through as usual!

Simon · May 12, 2023, 2:00pm

Did this setting change? Does this mean if I want XPR installs to happen over night I also need to allow RSR to install automatically? I want the former, but definitely not the latter.

alvarnell · May 13, 2023, 6:06am

I’ve been curious since this part of the discussion started. Since XPR’s are considered to address a problem that is considered too severe to wait for a background update (e.g. XProtect), why would you not want such an update to install without your approval. It’s rumored that an XPR involves a vulnerability that is being actively exploited, whereas a routine update of XProtect/XProtect Remediator may not.

podfeet · May 14, 2023, 1:48pm

Learned a lot as always from Adam but I was most struck by the level of patience required to watch and update of indeterminate length until completion in order to time it. Four times.

Also, “Why does iOS use title case while macOS uses sentence case?”