"Background Security Improvements": Little clarity on Apple's novel updates

With iOS 26.1, macOS 26.1, and iPadOS 26.1, Apple has introduced a new security feature, but is only hesitant to say what it can ultimately achieve. The so-called Background Security Improvements (BSI), called "security improvements executed in the background" in German, appear to be the replacement for the previous Rapid Security Response (RSR), which Apple introduced in 2023 but had used almost never – partly because there were severe technical problems with it in the meantime, which led to "updates for the update." Initially, it seems that BSI is just a new name for RSR – at least, the minimal documentation available so far minimal documentation offers little new information. The basic idea remains that at least certain system areas should be supplied with security-relevant updates faster and (often) without a restart. However, Apple's own system protection of the system volume (Signed System Volume, SSV) gets in the way.

What BSIs are and where you can switch them on and off

Apple now writes that BSIs contain "minor security releases for components such as the Safari browser, the WebKit framework stack, and other system libraries" that are intended to "benefit from smaller and continuous security patches between software updates." If compatibility problems occur in "rare cases," BSIs can also be removed again and then updated anew. In iOS 26.1, macOS 26.1, and iPadOS 26.1, they are active by default. "General information" will be published after each release on its support website, along with the corresponding CVE details, Apple further states.

Whether BSI is active or not can be checked on iPhone and iPad under "Privacy & Security" in the Settings app; on Mac, it is also in System Settings (via the Apple menu, the quickest way to access it) in the "Privacy & Security" section. Here you then look for "background security improvements" and can check whether "install automatically" is activated. If this has been deactivated, the BSI fixes will only land on the device with the next macOS, iOS, and iPadOS update.

Cryptex trick and the question of Safari updates

Due to the SSV, BSI updates leave little room to make direct changes to the system. As Mac & i author and macOS expert Howard Oakley writes on his blog, BSIs are distributed via cryptex files. "These are strictly protected by signatures to verify their content and are only mounted after the kernel has booted. APFS then integrates them into the root file system so that their content appears in the correct places."

Ultimately, Safari and WebKit, as well as frameworks that use dyld caches, are currently updated this way. AI functions can also receive security-relevant improvements in this way on Apple Silicon machines. The process of larger system updates, which involve changes to the SSV, still requires restarts, and that's likely to remain the case. When it comes to Safari improvements, Apple could also simply update the browser on its own in the meantime. The company already does this now when it updates it for older Mac operating systems. Only the current macOS always contains Safari in the complete, restart-required update package.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(bsc)