Apple pushes first-ever ‘rapid’ patch – and rapidly screws up


Apple on Monday pushed to some iPhones and Macs its first-ever rapid security fix.

This type of patch is supposed to be downloaded and applied automatically and seamlessly by the operating system to immediately protect devices from exploitation, thus avoiding the usual system update cycle that users may put off or miss and thus leave their stuff vulnerable to attack.

As luck would have it, though, this first-of-its-kind patch didn’t go off without a hitch. Some Cupertino fans reported problems actually getting the update.

“iOS Security Response 16.4.1 (a) failed verification because you are no longer connected to the internet,” was the commonly reported failure message from the operating system, although users typically were able to apply the security update after a try or two.

Also: Apple hasn’t released any notes alongside the rapid patch nor if the update patched a vulnerability that miscreants have already found and exploited. And as security analyst Will Dormann asked, will the bug(s) will eventually be assigned CVEs? 

Read more…