Apple RSR re-release

495 Views

Addressing the risks posed by critical security vulnerabilities has been a long-time struggle for vendors, organisations and end users alike.

For a long time, Apple has bundled security patches into general operating system updates, which allowed them to maintain a well-understood software development lifecycle. However, as their business changed and as the threat landscape evolved, it became essential for more frequent updates that could address vulnerabilities actively being exploited by hackers.

This new patch model was adopted by Apple just within the last year.

Software is always going to have bugs. And there’s an even higher likelihood of coding errors when software is rushed to market. But Apple’s Rapid Security (RSR) updates manage this risk by keeping the patches small to reduce the code that must be reviewed and the impact it will have on the system; the updates are targeted to address only the most impactful vulnerabilities.

Despite recent issues which had an impact on a small subset of the user base, we highly recommend the installation of Apple’s RSR updates as soon as they are published. The risk of being exposed to active hacker campaigns is far worse than the minor impact a targeted patch could have on a user’s experience.

For organisations with device management infrastructure, we recommend a staged deployment that installs RSR updates by group, allowing IT to get real-time feedback on any impact, while also allowing security to quickly manage the organisation’s risk exposure. For smaller businesses and individuals, rest assured that Apple does perform extensive testing of the RSR updates and it is best to protect your personal and business information by reducing the attack surface area with any RSR once available.