Jamf Blog
May 19, 2023 by Emily Kausalik

First look: Rapid Security Response contents

With the release of macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, Apple is showing us for the first time how they plan to document the CVEs that were addressed with prior Rapid Security Responses.

What are Rapid Security Responses?

Apple introduced a new kind of security update mechanism as part of iOS 16 called Rapid Security Responses. According to Apple, Rapid Security Responses (RSR) are a new type of software release for iPhone, iPad and Mac that deliver important security improvements between software updates.

Apple’s first RSR release

On May 1, Apple deployed its first Rapid Security Responses for devices running iOS 16.4.1 and macOS 13.3.1. The update versions were 16.4.1 (a) and macOS 13.3.1 (a) and, at the time of the release, no information was published about the security contents of the update. This left many wondering what exactly was patched with this urgent release.

The impression given at last year’s WWDC when Rapid Security Responses were introduced was that the updates would be ephemeral and rolled up into future security releases for the minor version of macOS, iOS, iPadOS, etc., with more information provided at a later time.

Security release notes

This week, Apple released macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. We’re now seeing our first set of security release notes that call out the security patches shipped as part of the Rapid Security Responses, which confirm the rollup release strategy with their security updates.

The Apple security updates page is the placeholder for all Apple security updates that are shipped from Apple. Each of the latest macOS, iOS and iPadOS updates include information about all of the security vulnerabilities that are addressed with each respective release.

Notably, we now see exactly how Apple will be denoting which vulnerabilities were fixed with the Rapid Security Responses shipped earlier this month by labelling specific CVEs as being “first addressed” with the Rapid Security Responses supplemental build detail.

Screenshots of the CVEs patched with the Rapid Security Responses shipped on May 1 (related to WebKit) are below, with Rapid Security Response macOS 13.31 (a) shown first and iOS and iPadOS 16.4.1 (a) shown second.

Apple's Rapid Security Response macOS 13.3.1 (a) release notes explaining changes related to CVE-2023-28204
Apple's Rapid Security Response iOS and iPadOS 16.4.1 (a) release notes explaining changes related to CVE-2023-28204

The benefit is real

Apple occasionally includes language stating “Apple is aware of a report that this issue may have been actively exploited” in security release notes. Two of the three CVEs patched in the Rapid Security Responses carry this disclaimer.

Therein lies the benefit of Rapid Security Responses: Apple was able to issue a security fix more than two weeks ahead of the next planned operating system releases. This new vehicle for security fixes should dramatically improve Apple’s ability to patch actively exploited vulnerabilities, which is great for individual users and for organizations using Apple devices.

Especially important for organizations deploying Apple at work or school is ensuring their device management solution is prepared to support the new Rapid Security Responses. Importantly, Jamf Pro was ready to both report on and deploy the new Rapid Security Responses when they were released earlier this month, giving organizations immediate visibility into the security posture of their fleet and a method to remotely deploy these critical software updates to devices.

Manage and report on Rapid Security Responses

This is only the beginning of this new approach with more dynamic security updates from Apple and we expect that they will continue to issue new Rapid Security Responses to patch actively exploited vulnerabilities.

Learn how Jamf Pro can help your organization report on and manage Rapid Security Responses for macOS, iOS and iPadOS.

Emily Kausalik
Jamf
Manager, Client Platform Engineering
Other authors:
Michael Devins
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.