Apple can finally patch your iPhone or Mac without a huge OS update

Apple can finally patch your iPhone or Mac without a huge OS update

  • Rapid Security Response can patch your iPhone or Mac without a full update.
  • It is on by default in iOS 16.
  • RSR is less secure than a proper OSD update, but it’s also faster at patching new vulnerabilities.

Szabo Victor/Unsplash

There is one new feature in Apple’s iOS 16 that you may not have heard of before, but which will make a huge difference to your security.

it’s called Rapid Security Response (RSR), and allows Apple to quickly patch security vulnerabilities on the go. Unlike regular iOS software and security updates, RSR does not require a reboot after installation, lowering the barrier to keeping you as safe as possible, as soon as possible. But not everything is positive. RSRs are relatively untested in the wild and aren’t as secure as roasting them in OS updates. It is also removable.

The big risk is that because these patches are built and distributed quickly, they won’t be thoroughly tested. Dr. Howard Oakleya Mac expertTell Lifewire via email. “So they can cause more problems with compatibility, hence the importance of users being able to remove them if they wish.”

Quick security response

When Apple discovers a vulnerability in iOS or macOS, it has to push the entire operating system update to patch it, which is a pain for the user. First, it may not update at all. After that, even if automatic updates are enabled in the settings, the updates can take several days and sometimes longer to arrive.

And even if you’re on top of all this, the fact that you have to reboot and let the installer run may make you turn it off. RSRs fix this by allowing quick patching of the operating system without rebooting. These patches can also be smaller, which makes downloads faster. The result is that you are protected as quickly as possible without having to do anything.

Unsplash / Mockup Photos

However, there are two downsides. One is that these patches are not fully integrated and could theoretically be traded or removed by malicious actors. The other is that these malicious actors can install their own RSR patches if they work out how to do so.

“Nice move. I have friends and relatives who don’t update iOS often, and [they] They lost a lot of security patches. “I wish we had this feature years ago, but better late than never,” said Mac user and expert Roncron. in the MacRumors forums.

To see how this works, we must dig into what makes Apple’s operating systems so secure.

Along the way

In the old days, system files were just files located in folders on your computer. You may need to enter your password to move, delete, or modify it, but with a password, a malicious program – or intruder – could have modified your computer, and you’ll never know.

Now, Apple uses something called Site System Volume, or SSV. When you install an operating system update, your Mac (or iPhone) calculates a unique key (called a hash) for each file it installs. It gets grouped, and each new group gets its own hash, and so on.

In the end, like going back along the branches of a tree, you’ll get a single hash computed from everyone under it. This is the “seal”. This seal can be compared to the main Apple seal for that version of iOS or macOS, and if it doesn’t match, your Mac knows it’s been hacked. Complete setup makes it It is impossible to modify the system. If so, your computer will not boot.

Greenwalds / Getty Images

“Basically, making any change to an SSV is huge, time consuming, space hungry, and requires a reboot. That’s the way it has to be, so it’s also difficult for malware,” says Oakley. “What Apple has built into RSRs is a mechanism to do this without touching the SSV itself. Provided it proves to be secure, it’s a huge improvement and perfect for distributing patches between macOS updates and security updates.”

RSR patches are located outside of this tree of cryptographic hashes and are therefore less secure. But in practice, we still don’t know if they’re actually any less safe. After all, if these RSR updates fix known vulnerabilities, they also make your PC more Safe at the same time.

These hotfix updates must also go out as part of a full subsequent OS update, as they will be properly integrated into this trust tree. This is good news for us, the users, especially since we don’t have to do anything. The new RSR feature is enabled by default, which is kind of the point. It’s another reason to update to iOS 16 and macOS Ventura as soon as possible.

#Apple #finally #patch #iPhone #Mac #huge #update

Leave a Comment

Your email address will not be published. Required fields are marked *