IT administrators overseeing deployments of Apple devices should apply the iOS Rapid Security Response update–the company’s first such security-only fix–as we wait for more details on what exactly the update is fixing.
Apple released the update Monday through its Rapid Security Response update program, urging all users of iOS devices to apply the iOS Security Response 16.4.1 (a) update.
“This Rapid Security Response provides important security fixes and is recommended for all users,” Apple says of the update.
Apple has been silent on what vulnerabilities this update fixes, but it must be important, as the Rapid Security Response program is designed to fix vulnerabilities without having to issue a full software update.
However, no new CVE has appeared on its security update page, and a notice along with the update doesn’t detail anything about the issues it is fixing.
According to Apple, these kind of updates could provide security improvements in Safari, the WebKit framework, or other critical system libraries. They could also be used to mitigate zero day vulnerabilities or in-the-wild bugs.
The company says Rapid Security Responses are delivered only for latest versions of iOS, iPadOS and macOS. Devices should allow these updates to be applied automatically and should prompt users to restart their devices.
However, some users on Twitter reported on Monday getting an error message when trying to apply the updates. I tested it out myself Tuesday morning and the update was successful, but had to do so manually even though I had automatic updates enabled. Since this is a new deployment model, there might be some kinks Apple has to work out.
Like other software updates, users can navigate to Settings>General>Software Update to apply the Rapid Security Response. Doing so can also allow users to make sure that automatic updates for Rapid Security Response updates are turned on.
Users can opt out of Rapid Security Response updates and instead receive fixes or mitigations when they’re included in full software updates.
Admins should consult this Apple support document about how to manage Rapid Security Responses on Apple devices.