One of the most important things that any organization can do to keep its IT resources secure is keep software such as desktop OSes up to date with the most recent security patches.
Once a vulnerability has been discovered, cybercriminals quickly go to work looking for ways to exploit it. The biggest problem is that there can be a considerable gap between the date when a vulnerability is discovered and the date when affected systems are ultimately patched, leaving the systems vulnerable until those patches are released.
Further, IT professionals will also usually spend a bit of time testing patches to make sure they don't cause any problems, rather than deploying those patches the moment they become available.
Apple has adopted a new approach to security updates to help administrators roll out patches as quickly as possible. Previously, Apple would bundle security updates with full OS version updates, meaning users who upgraded to the latest macOS version would also receive all the latest security updates. The disadvantage to this approach, however, was that security updates were typically not available until the next OS version update.
When Apple introduced macOS Ventura and iOS 16, it also introduced its new Rapid Security Response feature, which will help administrators secure macOS desktops with timely patches.
What is the Rapid Security Response feature for Apple updates?
With the Rapid Security Response feature, Apple has addressed the single biggest pain point in the patch management process: slow patch deployment.
Windows users, for example, often complain of update fatigue. Microsoft pushes numerous patches to Windows machines, and most Windows security updates require a reboot. Microsoft has taken steps to make reboots less disruptive by reopening browser pages and applications following the reboot, as unwanted reboots can hinder user productivity and have the potential to cause data loss. Conversely, Apple has designed its Rapid Security Response feature in a way that avoids the need for a reboot entirely.
While it is possible for organizations to simply allow their Apple devices to automatically download and install updates, IT best practices have long underscored the importance of testing patches prior to mass deployment. As such, IT administrators should disable automatic updates and rely on a centralized tool that will allow them to wait to deploy updates until those updates have been adequately tested.
How should Apple's Rapid Security Response affect macOS update testing?
Although the concept of security patch testing seems relatively straightforward, there are some important things that organizations absolutely must consider. The first such consideration is whether the existing patch management platform will even support Apple's Rapid Security Response feature.
In the past, Apple has deployed patches as a part of OS version updates. While plenty of organizations have automated management platforms for deploying OS upgrades, those tools probably are not going to be able to handle standalone security patch deployments unless the tool itself is updated to accommodate Apple's new approach to updates.
Another important factor to consider is that an organization's existing protocol for upgrade testing may or may not be appropriate for use with Apple's new standalone security updates. New OS version updates don't get released all that frequently, so when they do, organizations will typically take their time testing the new OS version prior to deploying it to end users' desktops. After all, IT pros want to make sure that the new OS version isn't going to cause any problems with line-of-business applications that users depend on, and verifying that the new OS version does not cause any software compatibility issues takes time.
Security updates differ from OS version updates in that when IT applies a security update, it is typically only changing a very small part of the OS. Although security updates have been known to cause problems on occasion -- particularly on other platforms -- the fact that security updates are often minor in scope reduces the likelihood of such problems occurring.
Conversely, it is also important to remember that a security update is intended to correct a known vulnerability, and until that vulnerability is patched, affected systems could potentially be compromised. Perhaps more importantly, cybercriminals actively look for unpatched systems containing known exploitable vulnerabilities.
This does not mean that IT teams should install macOS Rapid Security Response security updates without testing them first, but rather that IT can expedite the testing and deployment of security patches.
Organizations might test OS version upgrades for weeks, but there can be a much smaller testing window for Apple's Rapid Security Response updates. Organizations will typically spend anywhere from a few hours to a couple of days testing security updates. The goal is to deploy security updates as quickly as possible, while also making sure that you do not introduce any problems in the process.