Apple recently introduced Rapid Security Responses (RSRs) for the latest versions of its iPhone, iPad, and Mac operating systems. RSRs represent a pivotal shift in the software update paradigm, designed to segregate critical security patches from comprehensive operating system updates. These RSRs, in the form of software updates, are delivered between regular OS updates and serve the primary purpose of swiftly addressing significant security vulnerabilities, particularly those currently being actively exploited by malicious threat actors. This novel approach empowers Apple to promptly disseminate solutions for security weaknesses, consequently enhancing protection for all users.
By default, RSRs are automatically applied within the various operating systems, a configuration well-suited for individual Apple users. However, organisations necessitate a distinct approach to maintain security while avoiding potential operational disruptions stemming from unforeseen and unintended consequences of software upgrades.
In a landscape where cyber exploits are rampant, delaying updates poses an elevated risk, exposing organisations to cyber-attacks and the swift exploitation of newly discovered vulnerabilities. Attackers are acutely aware of the window of opportunity before countermeasures are implemented. Organisations must effectively balance the advantages of rapid security patch deployment against potential productivity and uptime disruptions.
Every organisation employing Apple devices must develop and follow a clear strategy to handle Apple’s new RSR approach to OS upgrades. IT teams should start by making an inventory of all Apple devices in use—company-owned and employee-owned devices being used as BYOD (bring-your-own-device).
Particular attention should be dedicated to BYOD devices since they fall under a different level of organisational control than company-owned devices. The Office of the Australian Information Commissioner (OAIC), in its latest Notifiable Data Breaches report, advises all organisations that permit BYOD to “review their IT security policy to ensure it addresses risks arising from BYOD and educate their employees on how to securely use BYOD to prevent data breaches of work systems.”
It is imperative to note that RSR applies only to recent versions of iPhone, iPad and Mac OSes: iOS 16.4.1, iPadOS 16.4.1 and macOS 13.3.1 (Ventura) or later versions. All devices should be upgraded to these versions, and those that are too old to support them are better off retired.
For the remaining devices, the automatic application of RSRs should be switched off so that RSR upgrades can be applied incrementally and managed to minimise the impact of any unforeseen consequences. The primary goal is to ascertain the safety of a particular upgrade as swiftly as possible to reduce the vulnerability window.
An effective approach involves identifying early adopters who are representative of mainstream users. These early adopters should be users of business-critical applications spanning all core business areas. They should be trained to offer rapid feedback regarding any issues arising following an RSR upgrade.
Upon the release of an RSR OS update by Apple, the initial deployment to early adopters should be based on the vulnerabilities it addresses and an assessment of how and where these vulnerabilities might impact the organisation’s operations.
This initial deployment must be followed by rigorous testing to identify any problems. It should be succeeded by a phased rollout to all users, with the objective of upgrading 90-95% of devices within two weeks. Prior to the upgrade, all devices should be meticulously checked for any prior compromises.
In the context of a large organisation with a substantial fleet of Apple devices, the management of this process can be challenging. A mobile device management (MDM) product can significantly ease this process by providing visibility into the entire device fleet, allowing instant assessment of OS version levels. When it’s integrated with a security information and event management (SIEM) system and network security tools, threat detection is enhanced.
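The fleet assessment described above can be expressed as a small triage over an inventory export. This is an added example, not code from the article or from any MDM product: the CSV columns, serials and target levels are constructed, the minimum versions are those named earlier, and the "(a)" suffix is the letter notation Apple uses for RSR releases.

```python
import csv, io, re

# Minimum RSR-capable OS versions, taken from the article.
RSR_MINIMUM = {"iOS": (16, 4, 1), "iPadOS": (16, 4, 1), "macOS": (13, 3, 1)}
# Constructed inventory; the column names are hypothetical, not a vendor's export format.
SAMPLE_INVENTORY = """serial,platform,os_version,ownership
C01,iOS,16.4.1 (a),company
C02,iOS,16.4.1,byod
C03,macOS,13.3.1 (a),company
C04,macOS,12.6.5,company
C05,iPadOS,15.7,byod
C06,iOS,17.0,company
C07,watchOS,9.4,company
"""
# Constructed example targets: the RSR level the rollout is trying to reach.
SAMPLE_TARGETS = {"iOS": "16.4.1 (a)", "iPadOS": "16.4.1 (a)", "macOS": "13.3.1 (a)"}
VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){0,2})\s*(?:\(([a-z])\))?\s*$")

def parse_version(text):
    """Return ((major, minor, patch), rsr_letter); rsr_letter is '' when absent."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unparseable OS version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts))), m.group(2) or ""

def triage(inventory_csv, targets):
    """Sort (serial, ownership) pairs into patched/pending/upgrade_os/not_applicable."""
    buckets = {"patched": [], "pending": [], "upgrade_os": [], "not_applicable": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = RSR_MINIMUM.get(row["platform"])
        if minimum is None:              # platform outside the RSR scope named above
            state = "not_applicable"
        else:
            current = parse_version(row["os_version"])
            if current[0] < minimum:     # too old to receive RSRs: upgrade or retire
                state = "upgrade_os"
            # Assumption: a later base OS release already contains the RSR's fixes.
            elif current >= parse_version(targets[row["platform"]]):
                state = "patched"
            else:
                state = "pending"
        buckets[state].append((row["serial"], row["ownership"]))
    return buckets

def coverage(buckets):
    """Share of RSR-eligible devices at or above the target level."""
    eligible = len(buckets["patched"]) + len(buckets["pending"])
    return len(buckets["patched"]) / eligible if eligible else 0.0
```

Calling `coverage(triage(SAMPLE_INVENTORY, SAMPLE_TARGETS))` gives the figure to track against the 90-95% rollout objective, and the ownership field in the `pending` bucket shows which outstanding devices are BYOD.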
Nevertheless, not all MDM solutions are created equal. It is essential to select one that offers same-day support for Apple updates, enabling a security team to take immediate action when critical patches are released. Industry-leading Apple enterprise management provider Jamf has consistently delivered same-day support for all Apple releases for over a decade.
With the right tools and policies, your organisation can take full advantage of Apple’s accelerated patch release process. By planning tests with early adopters, implementing phased RSR deployments, controlling unpatched access, and proactively seeking threats, organisations can navigate the evolving threat landscape while staying ahead of emerging attacks. It is essential to move swiftly yet thoughtfully, as comprehensive security necessitates vigilance before, during, and after updates.