Apple’s quick security updates for iPhone and other devices are a crucial part of the company’s Rapid Security Response (RSR). Even with the best efforts, security gaps will be present in any operating system, including Apple’s. Attackers can use these to hijack iPhones, iPads, or Macs, so prompt updates are necessary.
When updates are rolled out, the manufacturer draws attention to the closed gap. However, attackers can use binary analysis to reconstruct the security gap from the code of the update. Once suitable attack software is developed, it is only a matter of time before it is available. As such, the clock starts running when a security update is published.
Until recently, Apple has delivered security updates only collectively as part of major system and feature updates. However, leaner updates were issued in the event of significant security gaps. This is because updates to more complex operating systems such as macOS or iOS can affect a wide range of components and functions. As such, the assembling and testing of updates take time, and glitches may arise.
Heise+ offers a comprehensive archive of IT and technology-related information to subscribers. Anyone interested in learning about Apple’s Rapid Security Response can access the article for free for a limited time. Monthly subscriptions start at €9.95, and magazine subscribers receive a discounted rate, including free access to c’t photography. Those already subscribed to heise+ can register and read the article immediately.
