Apple issues Rapid Security Response update for iOS 16.4.1, macOS 13.3.1

Posted:
in iOS edited May 2023
Apple has released its first Rapid Security Response update to the public, updating iOS 16.4.1 and macOS 13.3.1 with security fixes -- but the roll-out isn't that smooth as of yet.

iOS RSR update
iOS RSR update


A Rapid Security Response update is a special kind of update that doesn't require users to perform a normal software update. Instead of a lengthy update procedure, the update can instead be quickly downloaded and installed within minutes.

Tested in beta, the updates are intended to provide important security changes between the regular software updates. This can include fast fixes for urgent security issues, such as actively used exploits against Apple's software, with the RSR changes to mitigate risks of infection or data loss.

We've tested it across multiple devices. So far, as of 1:50 PM ET, every attempt to update has been met with a warning that the device cannot verify the security response. The warning goes on to say that the device is "no longer connected to the internet" when that isn't the case.

This may be a case of server load, but the download is very small. AppleInsider has reached out to Apple for comment.

RSRs are only to be delivered to the latest versions of iOS, iPadOS, and macOS, and do not apply to earlier releases.

When an RSR is applied, the update adds a letter to the end of the version number, for example turning iOS 16.4.1 to iOS 16.4.1 (a).

According to a new support document, the default setting is for the RSR to be applied automatically, and for users to be prompted to restart the device when required. RSR installation can be disabled, with the content of the RSR rolled into the next standard software update.

While the update is seemingly available to download straight away, you won't necessarily be able to install it. Tweets by @Dhinakg and @Aaronp613 reveal that the RSR has a "granular ramping logic," in that it will allow a percentage of users to install the update at a time.

If a screenshot of code is correct, only 5% of users will be able to install the update in the first 6 hours of release, rising to 15% by 12 hours, 40% by 24 hours after release, and 70% by hour 36. After 48 hours, all users who downloaded the update will be able to install it.

It is unclear how the proportion of users is selected.

Attempts to install the update before the device is allowed to will display a notice saying the iPhone is "Unable to Verify Security Response" and claiming it is because the device is "no longer connected to the internet." Despite the apparent lack of internet according to the message, users can still go online normally with their iPhone without restriction, and the notice only applies to the update.

Read on AppleInsider
«1

Comments

  • Reply 1 of 21
    deefnastydeefnasty Posts: 8member
    Funny enough, I get this when trying to update:

    Unable to Verify Security Response

    iOS Security Response 16.4.1 (a) failed verification because you are no longer connected to the Internet.

  • Reply 2 of 21
    looplessloopless Posts: 339member
    Same here. Major oops by Apple. 
    williamlondon
  • Reply 3 of 21
    rmusikantowrmusikantow Posts: 107member
    Apple has released its first Rapid Security Response update to the public, updating iOS 16.4.1 and macOS 13.3.1 with security fixes -- but the roll-out isn't that smooth as of yet.

    iOS RSR update
    iOS RSR update


    A Rapid Security Response update is a special kind of update that doesn't require users to perform a normal software update. Instead of a lengthy update procedure, the update can instead be quickly downloaded and installed within minutes.

    Tested in beta, the updates are intended to provide important security changes between the regular software updates. This can include fast fixes for urgent security issues, such as actively used exploits against Apple's software, with the RSR changes to mitigate risks of infection or data loss.

    We've tested it across multiple devices. So far, as of 1:50 PM ET, every attempt to update has been met with a warning that the device cannot verify the security response. The warning goes on to say that the device is "no longer connected to the internet" when that isn't the case.

    This may be a case of server load, but the download is very small. AppleInsider has reached out to Apple for comment.

    RSRs are only to be delivered to the latest versions of iOS, iPadOS, and macOS, and do not apply to earlier releases.

    When an RSR is applied, the update adds a letter to the end of the version number, for example turning iOS 16.4.1 to iOS 16.4.1 (a).

    According to a new support document, the default setting is for the RSR to be applied automatically, and for users to be prompted to restart the device when required. RSR installation can be disabled, with the content of the RSR rolled into the next standard software update.

    Read on AppleInsider
    Just downloaded to my Mac no problem.
    djkfisher
  • Reply 4 of 21
    iOS_Guy80iOS_Guy80 Posts: 854member
    Sane here on the east coast 2:35 pm.


  • Reply 5 of 21
    chr15hchr15h Posts: 13member
    Some problem in the UK
    williamlondon
  • Reply 6 of 21
    IOS worked second time after failing to verify IOS. at 15:24
    williamlondon
  • Reply 7 of 21
    mpantonempantone Posts: 2,104member
    This update is strange.

    It showed up on my iPad first. After entering my passcode, it downloaded the 85 MB patch very slowly then proceeded to apply the patch and reboot the unit while I wasn't looking, with no further prompting. I have automatic updating disabled.

    My primary iPhone received the patch the same way.

    They both show version 16.4.1 (20E252) with a separate Rapid Security Response as version 16.4.1 (a) (20E772520a). The latter can be removed.

    Luckily neither device was in the midst of doing anything important but I have become very apprehensive about updating Apple software over the past 7-8 years due to their declining software QA standards.

    I hope this patch doesn't cause more problems than it fixes. Unsurprisingly the accompanying Apple support document provides zero detail.
    edited May 2023 muthuk_vanalingam
  • Reply 8 of 21
    elijahgelijahg Posts: 2,789member
    Worked just fine on my iPhone, including a reboot. And on my Macbook too.

    Interestingly it seems you can remove the update too.

    edited May 2023 rezwits
  • Reply 9 of 21
    iOS_Guy80iOS_Guy80 Posts: 854member
    mpantone said:
    This update is strange.

    It showed up on my iPad first. After entering my passcode, it downloaded the 85 MB patch very slowly then proceeded to apply the patch and reboot the unit while I wasn't looking, with no further prompting. I have automatic updating disabled.

    My primary iPhone received the patch the same way.

    They both show version 16.4.1 (20E252) with a separate Rapid Security Response as version 16.4.1 (a) (20E772520a). The latter can be removed.

    Luckily neither device was in the midst of doing anything important but I have become very apprehensive about updating Apple software over the past 7-8 years due to their declining software QA standards.

    I hope this patch doesn't cause more problems than it fixes. Unsurprisingly the accompanying Apple support document provides zero detail.
    Thank you for your clarification I did not realize the update was for both iPhone and iPad according to the article the update was for iOS 16.4.1. As affertised the update took less than :30.
  • Reply 10 of 21
    M68000M68000 Posts: 789member
    Will wait until this becomes stable update if I can.  Wondering how long this went through their QA department 
    williamlondon
  • Reply 11 of 21
    MplsPMplsP Posts: 3,966member
    I was just able to install it on my iPhone. Interestingly it asked to use cellular data to download it even though I was connected to wifi. I'm not sure which it used - I'm inside with only 1 bar of signal but it appeared to download relatively quickly so I can't be sure that it didn't use wifi. 🤷‍♂️

    haven't tried on my MBP yet
  • Reply 12 of 21
    Anilu_777Anilu_777 Posts: 558member
    Downloaded without hitch on cellular 5:47 pm EDT.  ¯\_(ツ)_/¯  iPhone 14 Pro Max
    watto_cobra
  • Reply 13 of 21
    PERockwellPERockwell Posts: 35member
    M68000 said:
    Will wait until this becomes stable update if I can.  Wondering how long this went through their QA department 
    That's your prerogative. However, consider that this Rapid Response update is designed to get high priority fixes out Ito users, well, rapidly. To me, that means that something is pretty urgent to use this mechanism.

    But to intelligently make the decision whether the update is worth the risk, you need to know what the update fixes. It is pathetic that Apple has not provided documentation to say exactly what this update fixes. The link in the update points to a generic document telling you what Rapid Security Response updates are, but zero about what this one contains. 

    It is a good thing they give a mechanism to back it out. That's due to them using the cryptex mechanism - where the update is somewhat "containerized" and getting rid of it isn't as big a deal as removing a whole operating system update. 
    edited May 2023 elijahgwilliamlondonpscooter63watto_cobra
  • Reply 14 of 21
    bluefire1bluefire1 Posts: 1,304member
    No problem downloading it. The whole process from start to finish took about two minutes.
    rezwitsmike1pscooter63watto_cobra
  • Reply 15 of 21
    sunman42sunman42 Posts: 280member
    Downloaded without issue over WiFi at ~ 2:00 PM EDT, but would not install.

    Just tried again at ~ 8:20 PM EDT, and the installation and reboot went quickly and without a hitch.
    watto_cobra
  • Reply 16 of 21
    Hmm. This not connected to the Internet statement sounds like we’re being gaslit by ChatGPT. Did ChatGPT write this patch?
    williamlondonwatto_cobra
  • Reply 17 of 21
    M68000M68000 Posts: 789member
    M68000 said:
    Will wait until this becomes stable update if I can.  Wondering how long this went through their QA department 
    That's your prerogative. However, consider that this Rapid Response update is designed to get high priority fixes out Ito users, well, rapidly. To me, that means that something is pretty urgent to use this mechanism.

    But to intelligently make the decision whether the update is worth the risk, you need to know what the update fixes. It is pathetic that Apple has not provided documentation to say exactly what this update fixes. The link in the update points to a generic document telling you what Rapid Security Response updates are, but zero about what this one contains. 

    It is a good thing they give a mechanism to back it out. That's due to them using the cryptex mechanism - where the update is somewhat "containerized" and getting rid of it isn't as big a deal as removing a whole operating system update. 
    The solution cannot be worse than the problem.  It seems rushed, could break other things  will wait a day or two for more news.
    williamlondon
  • Reply 18 of 21
    chr15hchr15h Posts: 13member
    Didn’t work last night but worked this am on both my 12pro and 13.
    williamlondonwatto_cobra
  • Reply 19 of 21
    dewmedewme Posts: 5,540member
    I was surprised at how quickly it finished. I started the update then grabbed my coffee and moved to my other Mac because I thought the main Mac would be tied up for a while. Very shortly after I sat down at the second Mac I looked over my shoulder and saw the main Mac was already done updating. Thinking something failed I checked for any pending updates and there were none. Very nicely done. 
    watto_cobra
  • Reply 20 of 21
    tonylimatonylima Posts: 1member
    Also iOS install has a minor bug. Only affects those using alphanumeric passcodes. https://gonzoecon.com/2023/05/fix-this-bug-in-the-ios-16-4-1-a-update/
    watto_cobra
Sign In or Register to comment.