Why Apple’s Rapid Security Responses Are Better Than a Software Update

They're faster, safer, and smaller

  • Apple's Rapid Security Responses are quick-fix patches that can be applied in minutes. 
  • The iPhone and iPad just got their first RSRs. 
  • An RSR can be removed by the user if anything goes wrong. 
Robot hands holding data in a 3D rendered illustration

Sabina Iliescu / 500px / Getty Images

Apple just issued its first Rapid Security Response for the iPhone, and it has changed the game in the fight against malware and security exploits. 

Until now, iPhone and iPad security fixes have had to wait for a regular software update to be released for your device, and then you might not update it for a few weeks after that. In the meantime, any of the patched exploits are in the wild and may attack your phone. Rapid Security Responses are small patches that can be deployed, as the name suggests, quickly. But an RSR is much more—and a bit less—than a regular software update. 

"By restricting these patches to just security fixes, Apple is reducing the amount of code it must develop and test, the time between updates, and the overall size of the patch that each device must download. Overall, this reduces the window of exposure and helps to neutralize exploits that are putting users and organizations at risk," Aaron Webb, senior product manager at Apple device management and security company Jamf, told Lifewire via email. 

Faster, Smaller, Safer

Healthcare professional hands placing a bandage on an arm

Luis Alvarez / Getty Images

There are three reasons the RSR is better than waiting for a software update and rolling all your security patches into that. 

One, it's faster. Faster to build because it is just a security patch, not a feature or bug-fix update for the entire OS. And also faster to download because it is smaller. At around 80MB, the recent RSR was small enough to download over most cellular plans. 

Second, it doesn't require a long installation process, where your iPhone or iPad is out of commission for a while. An RSR may or may not require a restart to apply it, but that's it. 

While many users don't always have the memory space on their phones to update, they can usually handle the rapid security response, which helps to keep their devices secure.

And third, the RSR is safer. That's because, unlike a full software update, the RSR can be reversed. Go to the Settings app, and check under General>About>iOS Version (or iPadOS Version) to see any recently-applied RSRs, along with a button to remove them. 

This will hopefully increase trust in the process. After a few disastrous updates with the iOS 13 launch, users may have become wary of running updates as soon as they appeared. And the small size of these updates has another benefit. Sometimes people don't have enough space left on their phone to download a multi-Gigabyte iOS update.

"While many users don't always have the memory space on their phones to update, they can usually handle the rapid security response, which helps to keep their devices secure," Kyle MacDonald, VP at mobile device deployment company Mojio, told Lifewire via email.

How Do They Work?

Adult putting band-aid on child's knee

MoMo Productions / Getty Images

Apple's operating systems are very secure, and one of the reasons is that it is impossible to modify the OS. It is read-only and cryptographically signed from top to bottom. But this also means that even Apple cannot modify the installed OS. Instead, it has to install a whole new OS every time it makes a change.

The key to understanding the RSR is to think of it just like a patch, or band-aid, something applied on top of the operating system. To facilitate this, some parts of the OS are kept outside of the read-only part of the OS. This is where the RSRs are applied. 

If all goes well, the fix will then be incorporated into the next full OS update. 

"By quickly releasing a temporary fix or workaround, Apple can reduce the window of opportunity for attackers to exploit the vulnerability," Peter Zendzian, cybersecurity expert and president of cybersecurity services company ZZ Servers, told Lifewire via email.

This is a great step forward in fast security updates, and the best thing to do is to make sure RSR updates are applied automatically and leave it that way. You can always remove it if something goes wrong.

"However, it's not enough for Apple to provide faster security updates; it's equally important for the public to understand the significance of applying operating system updates. Shockingly, in 2022, one in five devices ran on an outdated operating system," says Webb. "Therefore, it's essential for users to be a part of the cybersecurity strategy and take prompt action when prompted to update their devices."

Was this page helpful?