Rapid Security Responses in Apple operating systems
Rapid Security Responses (RSRs) for iOS, iPadOS, and macOS deliver important security improvements between software updates—for example, improvements to the Safari web browser, the WebKit framework stack, and other critical system libraries. RSRs enable rapid delivery of ongoing and regular security improvements. RSR security content is published in the Apple Support article Apple security releases. RSRs differ from software updates in the following ways:
On devices with macOS, Safari security improvements delivered through an RSR become active as soon as Safari is relaunched, even before the whole operating system restarts.
RSRs are activated instantly upon restart. Because the patched content lives in cryptexes rather than in the sealed system volume, the system volume doesn’t need to be cryptographically resealed, and therefore the device doesn’t need to cycle through a RAM disk.
RSRs require a much lower battery state of charge than is required to install a software update.
An RSR can be removed, which reverts the device to the baseline software update state with no RSRs applied.
An RSR can be reapplied after removal.
The system volume in iOS, iPadOS, and macOS has been reorganized to support RSRs. Content that can be patched using the RSR mechanism has been moved into cryptexes, which are optimized, cryptographically sealed disk images that reside on the preboot volume alongside other boot firmware. Cryptexes have different subtypes for operating system framework components and apps, and they can be updated by applying a binary patch to their backing disk image file.
Cryptex content is bootstrapped after the kernel has booted. The measurements of the cryptexes, their file system seals, and their associated trust caches are all represented in a separate Image4 ticket, which is cryptographically bound to the device on which it resides. When an RSR is being applied, the device sends a request to Apple’s trusted signing service to obtain a corresponding Cryptex1 Image4 manifest; the existing AP boot ticket isn’t updated.
On devices with macOS, an RSR may offer the user the option to apply the changes in the RSR to the Safari web browser by quitting and relaunching it. After Safari has been relaunched, it uses the framework and library content from the new cryptexes. The rest of the operating system remains unaffected and doesn’t make use of the new content until the system restarts.
Removing RSRs
RSRs are intended to be removable in case a critical regression associated with the RSR is discovered. Users can also elect to remove all Rapid Security Responses currently applied on their device. In addition, in the rare event that a Rapid Security Response affects software compatibility or quality, Apple may remove the most recently applied Rapid Security Response from users’ devices via the Automatic Software Update mechanism. To facilitate removal, RSRs ship both a patch and an antipatch to the device. If the user performs a removal, the antipatch is used to return all cryptexes to their base state; in other words, the removal action removes all currently installed RSRs, returning patched system binaries to the version from the last installed software update. A restart is required to complete RSR removal. For more information, see the Apple Support article If you need to remove a Rapid Security Response.
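One concrete way to observe the two states described above (RSR applied, and baseline after removal) on a Mac, as an added example that is not Apple's code: a POSIX shell check over the output of sw_vers. On macOS 13.3.1 and later, sw_vers prints a ProductVersionExtra line (for example "(a)") while a Rapid Security Response is applied and omits it once the RSR has been removed and the device restarted, so a fleet check can tell a patched Mac from one that has reverted to its last software update. The two sw_vers transcripts below are constructed samples, and the function names rsr_state and require_rsr are this example's own.

```shell
#!/bin/sh
# Added example (not Apple's code): classify a Mac as "baseline" or
# "rsr-applied" from sw_vers output. Real use on a Mac:  sw_vers | rsr_state

# Constructed sample: Mac with the "(a)" Rapid Security Response applied.
SAMPLE_WITH_RSR='ProductName:        macOS
ProductVersion:     13.3.1
ProductVersionExtra:    (a)
BuildVersion:       22E772610a'

# Constructed sample: the same Mac after "Remove Security Response" plus a
# restart. The extra field is gone and the build is the software-update build.
SAMPLE_BASELINE='ProductName:        macOS
ProductVersion:     13.3.1
BuildVersion:       22E261'

# rsr_state: read sw_vers output on stdin and print one line, either
#   rsr-applied <version> <extra>     e.g. "rsr-applied 13.3.1 (a)"
#   baseline <version>                e.g. "baseline 13.3.1"
# Only the ProductVersion and ProductVersionExtra fields are consulted;
# whitespace around the values is stripped so tab- or space-aligned output
# both work.
rsr_state() {
  version=""
  extra=""
  while IFS= read -r line; do
    case "$line" in
      ProductVersion:*)
        version=$(printf '%s' "${line#ProductVersion:}" | tr -d '[:space:]') ;;
      ProductVersionExtra:*)
        extra=$(printf '%s' "${line#ProductVersionExtra:}" | tr -d '[:space:]') ;;
    esac
  done
  if [ -n "$extra" ]; then
    printf 'rsr-applied %s %s\n' "$version" "$extra"
  else
    printf 'baseline %s\n' "$version"
  fi
}

# require_rsr VERSION EXTRA: succeed (exit 0) only if stdin describes a Mac on
# exactly VERSION with the RSR EXTRA applied. A Mac that has removed the RSR
# reports "baseline" and fails this gate until the RSR is reapplied.
require_rsr() {
  state=$(rsr_state)
  [ "$state" = "rsr-applied $1 $2" ]
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_WITH_RSR" | rsr_state
printf '%s\n' "$SAMPLE_BASELINE" | rsr_state
```

The gate deliberately matches the base version as well as the RSR letter: an RSR is tied to the software update it patches, so "(a)" on a different base version is not the same security content. Pair this with the BuildVersion if you also want to detect a Mac that has taken a later full software update, which resets the device to a new baseline with no RSRs applied.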
Removal recommendations
If Apple observes that a Rapid Security Response is contributing to a potentially higher rate of application crashes, the identities of the affected applications are published by a service that devices regularly query. Devices having that RSR installed then use an on-device analytics system to see whether one of the affected applications has crashed significantly more often after installing the RSR. If the user encounters such a crash, the operating system lets them know the RSR may be contributing to the issue, and the user is offered the opportunity to remove all RSRs and restore the device to its last software update.
Analytics related to removal recommendations (for example, the application that triggered the recommendation or the fact that the recommendation was displayed) are sent to Apple only if the user has agreed to share this information using the following settings:
iPhone: Settings > Privacy & Security > Analytics & Improvements > Share iPhone & Watch Analytics
iPad: Settings > Privacy & Security > Analytics & Improvements > Share iPad Analytics
Mac: Settings > Privacy & Security > Analytics & Improvements > Share Mac Analytics