
Background Security Improvements on Apple devices
Background Security Improvements are a type of software release for applying security fixes to users more frequently by not requiring a full software update. These responses are included in any ensuing minor update (not upgrade) and, on a Mac, applied content appears on the Preboot volume (through symbolic links in /System/Cryptexes/).
Background Security Improvements that involve the operating system require the device to restart. For Mac computers, the applied operating system content may be made available to Safari and its associated processes with just a relaunch of those processes, though a restart is required to make this content broadly available to the rest of the operating system.
Background Security Improvements also don’t adhere to the managed software update delay; however, because they apply only to the latest minor operating system version, if that minor operating system update is delayed, the response is also effectively delayed. If necessary, the user can also remove the responses.
When applying a Background Security Improvement to a Mac laptop, the Mac needs to be connected to power or have at least the minimum battery percentage.
| Mac laptop type | Minimum battery percentage required |
|---|---|
| Mac with Apple silicon | 10% |
| Intel-based Mac | 20% |
Background Security Improvements and a device management service
Device management services can use the following on supervised iPhone, iPad, and Mac devices:
- Set InstallSecurityUpdate to AlwaysOn in SoftwareUpdateSettingsAutomaticActionsObject to prevent users from turning off automatic installation of Background Security Improvements.
- Set InstallSecurityUpdate to AlwaysOff in SoftwareUpdateSettingsAutomaticActionsObject to prevent users from turning on automatic installation of Background Security Improvements.
- Set Enable to false in SoftwareUpdateSettingsRapidSecurityResponseObject to prevent users from manually installing Background Security Improvements.
- Set EnableRollback to false in SoftwareUpdateSettingsRapidSecurityResponseObject to prevent users from removing Background Security Improvements.
- To enforce installation of Background Security Improvements, the SoftwareUpdateEnforcementSpecific configuration options TargetOSVersion and TargetBuildVersion are required. The TargetBuildVersion can be found on the Apple Software Lookup Service webpage.
To automatically apply the responses, turn on Settings > Privacy and Security > Background Security Improvements.
Device management services can also report on installed Background Security Improvements with the StatusDeviceOperatingSystemSupplementalExtraVersion and StatusDeviceOperatingSystemSupplementalBuildVersion keys in the declarative Status Report.
Background Security Improvement versioning
Each Background Security Improvement is versioned relative to its base operating system version, starting with “a,” then “b,” and so on. Within a line of Background Security Improvements, successive ones always include the changes from previous ones. Subsequent minor operating system updates include the content from all the Background Security Improvements that were issued for the previous operating system version. The table below shows an example of how minor operating system updates affect Background Security Improvements.
Note: These are examples and not to be considered actual Background Security Improvement versions.
| Operating system version installed | Background Security Improvement version examples | Description |
|---|---|---|
| iOS 16.2, macOS 13.1 | a, b | Two Background Security Improvements (“a” and “b”) were available. |
| iOS 16.3, macOS 13.2 | a, b, c | Three Background Security Improvements (“a”, “b”, and “c”) were available. iOS 16.3 and macOS 13.2 include the content from the two previously available for iOS 16.2 and macOS 13.1. |
| iOS 16.4, macOS 13.3 | a | One Background Security Improvement (“a”) was available. iOS 16.4 and macOS 13.3 include the content from the three previously available for iOS 16.3 and macOS 13.2. |
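
A compliance check built on the versioning rules above and on the operating system and supplemental version values a device management service receives in the Status Report, as an added example that is not Apple's code. The record field names (id, os_version, extra_version), the fleet and the baseline are constructed, and treating any later operating system release as containing earlier Background Security Improvements is an assumption that extends the page's statement about minor updates.

```python
import re

def parse_os_version(text):
    """'16.3' -> (16, 3, 0); '13.2.1' -> (13, 2, 1)."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected OS version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def bsi_rank(extra):
    """No improvement installed -> 0; 'a' or '(a)' -> 1; 'b' or '(b)' -> 2; ..."""
    if not extra or not extra.strip():
        return 0
    m = re.fullmatch(r"\(([a-z])\)|([a-z])", extra.strip())
    if not m:
        raise ValueError(f"unexpected supplemental version: {extra!r}")
    return ord(m.group(1) or m.group(2)) - ord("a") + 1

def meets_baseline(device, baseline):
    """True if the device carries at least the baseline's security content."""
    dev_os = parse_os_version(device["os_version"])
    base_os = parse_os_version(baseline["os_version"])
    if dev_os != base_os:
        # A later OS release includes every improvement issued for the
        # previous version; an older one cannot contain the baseline.
        # (Assumption: this holds for any later release, not only the next.)
        return dev_os > base_os
    # Same base OS: letters are cumulative, so "b" already contains "a".
    return bsi_rank(device.get("extra_version")) >= bsi_rank(baseline.get("extra_version"))

def out_of_compliance(fleet, baseline):
    """Ids of devices that still lack the baseline's fixes."""
    return [d["id"] for d in fleet if not meets_baseline(d, baseline)]

# Constructed sample data using the example versions from the table above.
BASELINE = {"os_version": "16.2", "extra_version": "(b)"}
FLEET = [
    {"id": "ipad-01", "os_version": "16.2", "extra_version": "(a)"},
    {"id": "ipad-02", "os_version": "16.2", "extra_version": "(b)"},
    {"id": "ipad-03", "os_version": "16.3", "extra_version": ""},
    {"id": "ipad-04", "os_version": "16.1", "extra_version": "(c)"},
    {"id": "ipad-05", "os_version": "16.2", "extra_version": None},
]

if __name__ == "__main__":
    print(out_of_compliance(FLEET, BASELINE))
```

The device on 16.3 with no improvement installed passes, while the device on 16.1 with “(c)” does not, because letters only compare within the same base operating system version.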