Apple Releases Rapid Security Patches To Fix Actively Exploited Vulnerabilities

Key Highlights

• Apple has released its first batch of publicly available “rapid security” patches to fix vulnerabilities under active exploitation or pose significant risks to its customers.
• However, the rollout hasn’t gone smoothly, and it’s unclear what the security patches, leaving users concerned about the recent exploits discovered by spyware makers QuaDream and NSO Group targeting iPhone owners.

Apple has released its first batch of publicly available “rapid security” patches to quickly fix security vulnerabilities that pose significant risks to its customers or are under active exploitation. 

Rapid Security Responses Introduced To Address Significant Risks

The updates on security patches are called “Rapid Security Responses” and “deliver important security improvements between software updates”, according to a notice. The feature is enabled by default and allows Apple customers to update their devices faster than a typical software update would take. 

Apple Rolls Out Rapid Security Patches, But Some Users Report Installation Issues

Some patches can even be installed without rebooting, although not always. 

1. Apple’s rapid security update is available for customers running iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1. 
2. Once installed, it will add a letter to the software version, such as iOS 16.4.1 (a), iPadOS 16.4.1 (a), and macOS 13.3.1 (a).

However, Monday’s rollout has not gone so smoothly, with some customers reporting that they cannot install the update. It is unclear what this security update fixes; Apple has not yet responded to a request for comment.

Details of Apple’s Rapid Security Patches Remain Unclear Amid Recent Exploits

Recent research revealed that spyware makers QuaDream and NSO Group had developed new exploits aimed at targeting iPhone owners worldwide, exploiting previously undisclosed vulnerabilities in Apple’s software, allowing their government customers to steal data from it a victim’s device silently. 

• Citizen Lab also reported last month that Lockdown Mode, a feature rolled out by Apple last year to prevent similar targeted attacks, had successfully blocked at least one NSO-developed exploit that abused a vulnerability in Apple’s smart home feature, HomeKit.
• Given the apparent seriousness of this latest security patch, Apple’s customers are advised to update their devices as soon as possible. 

As the Rapid Security Responses feature is designed to help customers receive important security updates faster, it is a significant step towards maintaining the security of Apple devices. However, with reports of installation issues, Apple must address any issues quickly to ensure that customers are not left vulnerable to exploitation.