Apple’s first Rapid Security Response patch fails to install on iPhones


Apple has launched the first Rapid Security Response (RSR) patches for iOS 16.4.1 and macOS 13.3.1 devices, with some users having issues installing them on their iPhones.

As the company describes in a recently published support document, RSR patches are small-sized updates that target the iPhone, iPad, and Mac platforms and patch security issues between major software updates.

Some of these out-of-band security updates may also be used to address vulnerabilities actively exploited in attacks.

“They deliver important security improvements between software updates — for example, improvements to the Safari web browser, the WebKit framework stack, or other critical system libraries,” Apple explains.

“They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist ‘in the wild’.”

You can go through the following steps to check if RSR patches are available for your device:

  • iPhone or iPad: Go to Settings > General > Software Update > Automatic Updates, then make sure that “Security Responses & System Files” is turned on.
  • Mac: Choose Apple menu  > System Settings. Click General in the sidebar, then click Software Update on the right. Click the Show Details button ​ next to Automatic Updates, then make sure that “Install Security Responses and system files” is turned on.

Should you disable automatic updates or decline to install Rapid Security Responses when offered, your device will receive the security patches as part of a future software upgrade.

First RSR patch for Macs
First RSR patch for Macs (BleepingComputer)

​First RSR patch fails to install on some iPhones

According to user reports [1, 2, 3, 4], the RSR update delivered today for iPhones also fails to install on some devices with “Unable to Verify Security Response” errors.

“iOS Security Response 16.4.1 (a) failed verification because you are no longer connected to the Internet,” the errors read.

Despite this, as BleepingComputer confirmed, the affected devices are connected to the Internet, and a server-side bug likely causes the issues.

First iOS RSR patch failing to install
The First iOS RSR patch failing to install (BleepingComputer)

​While today’s Rapid Security Responses are rolling to all iOS and macOS users, Apple is yet to share what security improvements they bring.

The “Apple security updates” page, which usually lists the latest security updates, has no details on today’s RSR patches, and Apple has not yet shared where they’ll share this information.

The only info shared on the update screen is that “This Rapid Security Response provides important security fixes and is recommended for all users. To learn more please visit: https://support.apple.com/HT201224.”

However, the page linked in the release notes is the support page published this week that will only explain what Rapid Security Responses for iOS, iPadOS, and macOS are.

An Apple spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today for more details on what was patched in today’s RSR updates and what is causing the install issues.





Source link