Intro to secure software updates
Apple regularly releases software updates to address emerging security concerns and to provide new features; these updates are generally provided for all supported devices simultaneously. Users of iOS and iPadOS devices receive update notifications on the device and through iTunes (in macOS 10.14 or earlier) or the Finder (macOS 10.15 or later). macOS updates are available in System Preferences. Updates are delivered wirelessly, for rapid adoption of the latest security fixes.
The startup process helps ensure that only Apple-signed code is being installed. For example, System Software Authorization ensures that only legitimate copies of operating system versions that are actively being signed by Apple can be installed on iOS and iPadOS devices, or Mac computers with the Full Security setting configured as the secure boot policy in the Startup Security Utility. This system prevents iOS and iPadOS devices from being downgraded to older versions that lack the latest security updates, and can be used by Apple to prevent similar downgrades in macOS. Without this protection, an attacker who gains possession of a device could install an older version of iOS or iPadOS and exploit a vulnerability that’s been fixed in newer versions.
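The downgrade protection described above can be modelled in a few lines. This is an added illustration, not Apple's code or protocol: the class and function names, the per-install nonce, the device identifier, and the HMAC used as a stand-in for Apple's signature are all assumptions of the model.

```python
import hashlib
import hmac
import secrets

# Constructed key. A real scheme uses an asymmetric signature so the device
# holds only a public key; HMAC keeps this model standard-library only.
SIGNING_KEY = secrets.token_bytes(32)

def sign_request(version, measurement, device_id, nonce):
    # Hash each field to a fixed length so the concatenation is unambiguous.
    fields = (version.encode(), measurement, device_id, nonce)
    msg = b"".join(hashlib.sha256(f).digest() for f in fields)
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()

class AuthorizationServer:
    """Issues authorizations only for versions currently being signed."""
    def __init__(self, signed_versions):
        self.signed_versions = set(signed_versions)

    def authorize(self, version, measurement, device_id, nonce):
        if version not in self.signed_versions:
            return None  # signing window closed: nothing is issued
        return sign_request(version, measurement, device_id, nonce)

class Device:
    def __init__(self, device_id):
        self.device_id = device_id
        self.nonce = None

    def begin_install(self):
        self.nonce = secrets.token_bytes(16)  # fresh value for every attempt
        return self.nonce

    def finish_install(self, version, image, authorization):
        nonce, self.nonce = self.nonce, None  # a nonce is usable once
        if nonce is None or authorization is None:
            return False
        measurement = hashlib.sha256(image).digest()
        expected = sign_request(version, measurement, self.device_id, nonce)
        return hmac.compare_digest(expected, authorization)

def attempt_install(server, device, version, image, saved_authorization=None):
    """One install attempt; optionally present an authorization saved earlier."""
    nonce = device.begin_install()
    auth = saved_authorization or server.authorize(
        version, hashlib.sha256(image).digest(), device.device_id, nonce)
    return device.finish_install(version, image, auth), auth
```

In this model an old image fails to install for two independent reasons: the server no longer issues authorizations for it, and an authorization saved while it was still signed does not match the fresh nonce of a later attempt.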
In addition, when a device is physically connected to a Mac, a full copy of iOS or iPadOS is downloaded and installed. For over-the-air (OTA) software updates, by contrast, only the components required to complete an update are downloaded, which improves network efficiency by not downloading the entire OS. Software updates can also be cached on a Mac running macOS 10.13 or later with Content Caching turned on, so that iOS and iPadOS devices don’t need to redownload the necessary update over the Internet. Those devices still need to contact Apple servers to complete the update process.