Apple issues Rapid Security Response update for iOS 16.4.1, macOS 13.3.1
Apple has released its first Rapid Security Response update to the public, updating iOS 16.4.1 and macOS 13.3.1 with security fixes -- but the roll-out isn't that smooth as of yet.
iOS RSR update
A Rapid Security Response update is a special kind of update that doesn't require users to perform a normal software update. Instead of a lengthy update procedure, the update can instead be quickly downloaded and installed within minutes.
Tested in beta, the updates are intended to provide important security changes between the regular software updates. This can include fast fixes for urgent security issues, such as actively used exploits against Apple's software, with the RSR changes to mitigate risks of infection or data loss.
We've tested it across multiple devices. So far, as of 1:50 PM ET, every attempt to update has been met with a warning that the device cannot verify the security response. The warning goes on to say that the device is "no longer connected to the internet" when that isn't the case.
This may be a case of server load, but the download is very small. AppleInsider has reached out to Apple for comment.
RSRs are only to be delivered to the latest versions of iOS, iPadOS, and macOS, and do not apply to earlier releases.
When an RSR is applied, the update adds a letter to the end of the version number, for example turning iOS 16.4.1 to iOS 16.4.1 (a).
According to a new support document, the default setting is for the RSR to be applied automatically, and for users to be prompted to restart the device when required. RSR installation can be disabled, with the content of the RSR rolled into the next standard software update.
While the update is seemingly available to download straight away, you won't necessarily be able to install it. Tweets by @Dhinakg and @Aaronp613 reveal that the RSR has a "granular ramping logic," in that it will allow a percentage of users to install the update at a time.
If a screenshot of code is correct, only 5% of users will be able to install the update in the first 6 hours of release, rising to 15% by 12 hours, 40% by 24 hours after release, and 70% by hour 36. After 48 hours, all users who downloaded the update will be able to install it.
It is unclear how the proportion of users is selected.
Attempts to install the update before the device is allowed to will display a notice saying the iPhone is "Unable to Verify Security Response" and claiming it is because the device is "no longer connected to the internet." Despite the apparent lack of internet according to the message, users can still go online normally with their iPhone without restriction, and the notice only applies to the update.
Read on AppleInsider
iOS RSR update
A Rapid Security Response update is a special kind of update that doesn't require users to perform a normal software update. Instead of a lengthy update procedure, the update can instead be quickly downloaded and installed within minutes.
Tested in beta, the updates are intended to provide important security changes between the regular software updates. This can include fast fixes for urgent security issues, such as actively used exploits against Apple's software, with the RSR changes to mitigate risks of infection or data loss.
We've tested it across multiple devices. So far, as of 1:50 PM ET, every attempt to update has been met with a warning that the device cannot verify the security response. The warning goes on to say that the device is "no longer connected to the internet" when that isn't the case.
This may be a case of server load, but the download is very small. AppleInsider has reached out to Apple for comment.
RSRs are only to be delivered to the latest versions of iOS, iPadOS, and macOS, and do not apply to earlier releases.
When an RSR is applied, the update adds a letter to the end of the version number, for example turning iOS 16.4.1 to iOS 16.4.1 (a).
According to a new support document, the default setting is for the RSR to be applied automatically, and for users to be prompted to restart the device when required. RSR installation can be disabled, with the content of the RSR rolled into the next standard software update.
While the update is seemingly available to download straight away, you won't necessarily be able to install it. Tweets by @Dhinakg and @Aaronp613 reveal that the RSR has a "granular ramping logic," in that it will allow a percentage of users to install the update at a time.
If a screenshot of code is correct, only 5% of users will be able to install the update in the first 6 hours of release, rising to 15% by 12 hours, 40% by 24 hours after release, and 70% by hour 36. After 48 hours, all users who downloaded the update will be able to install it.
It is unclear how the proportion of users is selected.
Attempts to install the update before the device is allowed to will display a notice saying the iPhone is "Unable to Verify Security Response" and claiming it is because the device is "no longer connected to the internet." Despite the apparent lack of internet according to the message, users can still go online normally with their iPhone without restriction, and the notice only applies to the update.
Read on AppleInsider
Comments
Unable to Verify Security Response
iOS Security Response 16.4.1 (a) failed verification because you are no longer connected to the Internet.
It showed up on my iPad first. After entering my passcode, it downloaded the 85 MB patch very slowly then proceeded to apply the patch and reboot the unit while I wasn't looking, with no further prompting. I have automatic updating disabled.
My primary iPhone received the patch the same way.
They both show version 16.4.1 (20E252) with a separate Rapid Security Response as version 16.4.1 (a) (20E772520a). The latter can be removed.
Luckily neither device was in the midst of doing anything important but I have become very apprehensive about updating Apple software over the past 7-8 years due to their declining software QA standards.
I hope this patch doesn't cause more problems than it fixes. Unsurprisingly the accompanying Apple support document provides zero detail.
Interestingly it seems you can remove the update too.
haven't tried on my MBP yet
But to intelligently make the decision whether the update is worth the risk, you need to know what the update fixes. It is pathetic that Apple has not provided documentation to say exactly what this update fixes. The link in the update points to a generic document telling you what Rapid Security Response updates are, but zero about what this one contains.
It is a good thing they give a mechanism to back it out. That's due to them using the cryptex mechanism - where the update is somewhat "containerized" and getting rid of it isn't as big a deal as removing a whole operating system update.
Just tried again at ~ 8:20 PM EDT, and the installation and reboot went quickly and without a hitch.