Background Security Improvements on Apple devices
Background Security Improvements are a type of software release for applying security fixes to users more frequently by not requiring a full software update. These responses are included in any ensuing minor update (not upgrade) and, on a Mac, applied content appears on the Preboot volume (through symbolic links in /System/Cryptexes/).
Background Security Improvements that involve the operating system require the device to restart. For Mac computers, the applied operating system content may be made available to Safari and its associated processes with just a relaunch of those processes, though a restart is required to make this content broadly available to the rest of the operating system.
Background Security Improvements also don’t adhere to the managed software update delay; however, because they apply only to the latest minor operating system version, if that minor operating system update is delayed, the response is also effectively delayed. If necessary, the user can also remove the responses.
When applying a Background Security Improvement to a Mac laptop, the Mac needs to be connected to power or have the minimum battery percentages.
Mac laptop type | Minimum battery percentage required |
|---|---|
Mac with Apple silicon | 10% |
Intel-based Mac | 20% |
Background Security Improvements and a device management service
Device management services can use the following restriction keys on supervised iPhone, iPad, and Mac devices:
allowRapidSecurityResponseInstallation: To disable the responses from being applied.
allowRapidSecurityResponseRemoval: To block the user from being able to remove the responses.
Note: On Mac computers, a profile containing these restrictions can also be installed by a local administrator.
To automatically apply the responses and prompt the user to restart (if required):
On iPhone and iPad: Turn on the Security Responses & System Files option for Software Update in Settings > General.
On Mac: Turn on Install Security Responses & System Files in the Advanced option of Software Update in System Settings > General, or set
CriticalUpdateInstallto true using a device management service.
If a device is on the latest operating system and a Background Security Improvement is available, AvailableOSUpdates returns the response. Send a command to the device with the ProductKey to apply the Background Security Improvement remotely. Note that a device management service can apply the response to devices only on the latest minor version.
Device management services can also report on Background Security Improvements with the SupplementalBuildVersion and SupplementalOSVersionExtra keys in DeviceInfo and the AvailableOSUpdate queries.
Background Security Improvement versioning
Each Background Security Improvement is versioned relative to its base operating system version, starting with “a,” then “b,” and so on. Within a line of Background Security Improvements, successive ones always include the changes from previous ones. Subsequent minor operating system updates include the content from all the Background Security Improvements that were issued for the previous operating system version. The table below shows an example of how minor operating system updates affect Background Security Improvements.
Note: These are examples and not to be considered actual Background Security Improvement versions.
Operating system version installed | Background Security Improvement version examples | Description |
|---|---|---|
iOS 16.2 macOS 13.1 | a b | Two Background Security Improvements (“a” and “b”) were available. |
iOS 16.3 macOS 13.2 | a b c | Three Background Security Improvements (“a”, “b”, and “c)” were available. iOS 16.3 and macOS 13.2 include the content from the two previously available for iOS 16.2 and macOS 13.1. |
iOS 16.4 macOS 13.3 | a | One Background Security Improvement (“a”) was available. iOS 16.4 and macOS 13.3 include the content from the three previously available for iOS 16.3 and macOS 13.2. |
DeviceInfo example
The content emphasized is the additional Background Security Improvement information.
OSVersion = "13.1";BuildVersion = 22A100;SupplementalBuildVersion = 22A771000a;SupplementalOSVersionExtra = "(a)";AvailableOSUpdate example
The content emphasized is the additional Background Security Improvement information.
<key>Build</key><string>22A100a</string><key>DownloadSize</key><integer>558432785</integer><key>HumanReadableName</key><string>macOS Security Response 13.1 (a)</string><key>HumanReadableNameLocale</key><string>en-US</string><key>IsConfigDataUpdate</key><false/><key>IsCritical</key><false/><key>IsFirmwareUpdate</key><false/><key>ProductKey</key><string>MSU_UPDATE_22A771000a_patch_13.1_rsr</string><key>RequiresBootstrapToken</key><true/><key>RestartRequired</key><true/><key>Version</key><string>13.1</string><key>IsSecurityResponse</key><true/><key>SupplementalBuildVersion</key><string>22A771000a</string><key>SupplementalOSVersionExtra</key><string>(a)</string>