A look at how Apple is sharing RSR information in rollup security updates

CVE details are now available for the first batch of Rapid Security Response updates.

Apple deployed it’s first Rapid Security Response (RSR) earlier this month. A big point of interest has been finding out what the RSR actually addressed. The impression given at last year’s WWDC was that the RSR would be ephemeral and rolled up into future security releases for the target minor version of macOS, iOS, iPadOS, etc., with more information provided at a later time.

Today we’re seeing our first security updates for macOS Ventura and i/PadOS 16, and we’re also now seeing our first set of release notes that call out the security patches shipped as part of the RSRs and confirming the rollup to address that CVE in the security update.

The Apple security updates page is the placeholder for all Apple security updates that are shipping from Apple. Both the macOS Ventura and i/PadOS 16 updates include what vulnerabilities were addressed with the RSR. Screenshots of those (related to WebKit) are below.

macOS Ventura security update rollup for RSR macOS 13.3.1 (a).

i/PadOS security update rollup for RSR 16.4.1 (a).

Write a comment