On Monday, May 1, Apple released its first-ever Rapid Security Response updates for macOS Ventura, iOS 16, and iPadOS 16.
Apple released a corresponding document explaining what Rapid Security Responses are:
Rapid Security Responses are a new type of software release for iPhone, iPad, and Mac. They deliver important security improvements between software updates — for example, improvements to the Safari web browser, the WebKit framework stack, or other critical system libraries. They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist “in the wild.”
Thus it’s possible that this Rapid Security Response may mitigate “actively exploited” vulnerabilities—but if so, Apple is not directly admitting it. Strangely, Apple has not yet made any statement about what specifically it fixed in this week’s RSR updates. On Macs, iPhones, and iPads, the update text only specifies:
This Rapid Security Response provides important security fixes and is recommended for all users.
Apple normally releases update details at its Apple security updates page. So far, Apple has not included any details about this week’s RSR updates on that page. Perhaps Apple intends to wait until after corresponding updates are available for its other operating systems first. Update: On May 18, Apple finally revealed that it had patched two actively exploited vulnerabilities in the RSR updates.
Some users had difficulty installing the Rapid Security Response for a brief period of time after Apple released the update. Apple quickly fixed the problem.
Macs running macOS Ventura can get this update by going to System Settings > General > Software Update.
If you have an iPhone with iOS 16 or an iPad with iPadOS 16, you can also get the update by going to Settings > General > Software Update.
After installing the update, the OS version number will include “(a)” at the end, as follows:
Notably, older versions of Apple’s operating systems do not support the Rapid Security Response feature.
For additional technical details about Rapid Security Responses from someone besides Apple, you may enjoy Howard Oakley’s Eclectic Light article. Oakley explains why RSRs may require a restart, despite Apple’s intent for the feature to be able to avoid reboots. For much more highly technical detail, check out this blog post by Mykola Grymalyuk, the OpenCore Legacy Patcher product lead.