Apple says fix for pulled security update will be released soon

AppleInsiderAppleInsider
Posted:
in General Discussion edited July 2023

Following its release and then removal of a Rapid Security Response update for iOS, iPadOS, and macOS, Apple has announced that it is addressing the update's problems. Here's how to remove it now, if you need to.




Apple first released a Rapid Security Response (RSR) update for iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1, patching an exploit that was actively striking users. Then within hours, it pulled that update following reports that major websites were now failing to allow Safari users access.

In a statement to AppleInsider, an Apple spokesperson said that the company was working on fixes for all three OSes.

"Apple is aware of an issue where this Rapid Security Response might prevent some websites from displaying properly," said the spokesperson. "Rapid Security Response iOS 16.5.1 (b) and iPadOS 16.5.1 (b) will be available soon to address this issue."

In the interim, the update can be removed by tapping Settings then selecting About. In that menu, tap iOS Version, then tap Remove Security Response.

According to the spokesperson, the Mac version macOS 13.4.1 (b) is being worked on and will also be available soon.

The pulling of the original update happened quickly enough that many users will not have had it installed. Those can simply wait until the next release.

However, if iPhone or iPad users have the update installed and want to roll back to the previous version, Apple has issued instructions.

"You can choose to remove Rapid Security Response (a): In Settings, About iOS Version, tap Remove Security Response," says Apple. "Then tap Remove to confirm."

Apple has not given instructions for how to uninstall the latest security update on Mac. However, for most users, it requires going to System Settings, then General, then About.

If there is an i for information button next to the entry for macOS, clicking it takes users to a dialogue in which they can Remove & Restart to revert to the previous version. Note that not all Macs will show that i for information button, including ones enrolled in a macOS beta cycle.

Read on AppleInsider

Comments

  • Reply 1 of 5
    ralphieralphie Posts: 105member
    “Affects small number of users”
    edited July 2023 watto_cobraFileMakerFeller
  • Reply 2 of 5
    appleinsideruserappleinsideruser Posts: 495member
    So it wasn’t just the (a) suffix in the user agent that broke some websites… 🤔
    watto_cobraFileMakerFeller
  • Reply 3 of 5
    davendaven Posts: 697member
    I’m glad they included an easy removal method. It sure minimizes problems. No update system will be bug free but at least it is easy to correct them with this method. Personally, none of the websites I visit are affected so I’m keeping the patch for now.
    edited July 2023 FileMakerFellerAlex1N
  • Reply 4 of 5
    dewmedewme Posts: 5,376member
    The Rapid Security Response (RSR) program is still a very worthwhile and valuable form of damage control as long as it mitigates the primary threat. 

    Unintended side effects are inevitable due to the “rapid” nature of the process. The ability to back out the patch is great for those folks who are less affected and impacted by the actual threat than the mitigation. 

    I’m a bit disappointed that Apple has made the original patch unavailable only because it implies that Apple is more concerned about the isolated side affects than stopping the threat. If a threat is truly worthy of issuing an RSR patch why would they stop its release? The side affects are certainly an inconvenience for some, but how does the inconvenience compare to the potential damage that the threat could impose on an unpatched system?

    I’ll attribute Apple’s hesitancy, questionable threat weighting, and flip-flopping to the newness of the RSR program for both Apple and its customers. I would like Apple to provide more clarity up-front and allow users to weigh in on their risk tolerance by subscribing to different RSR levels. 

    For example, they could have a level, say RSR-1, that allows the customer to let Apple know beforehand that they are willing to accept minor and temporary side effects in order to provide the highest possible threat protection. Other levels would similarly trade off higher risk tolerance against continued functional stability and availability. 

    Like every new process there is always room for improvement. But I appreciate that Apple is moving in the right direction. 
    muthuk_vanalingamFileMakerFellerAlex1N
  • Reply 5 of 5
    Alex1NAlex1N Posts: 132member
    I went to have a look in settings and found that it was up to RSR 16.5.1(c) already.
    appleinsideruser
Sign In or Register to comment.