heise PlusAbo
Anzeige

Hard to find: Apple releases Background Security Improvement update

With so-called BSIs, Apple wants to update devices faster for smaller fixes. The problem: They are hidden deep in the settings.

listen Print view
In the middle a red security lock with a finger on it, surrounded by other security locks in blue. Schematic representation.

BSIs at Apple are becoming a treasure hunt.

(Image: Ole.CNX / Shutterstock.com)

2 min. read
Mac & i
By

Mini-update in the middle of the night: Apple has released its first so-called Background Security Improvement, or BSI for short, for users of iOS, macOS, and iPadOS. This closes a security vulnerability in Apple's Safari browser (or rather, its browser engine WebKit). However, installation is by no means simple; Apple has even hidden it well – in a place where many users wouldn't even look. Even if automatic updates were previously enabled, the BSI did not install itself, as tests in the Mac & i editorial office showed.

What's behind the new update type

According to Apple, BSIs are intended to enable “updates between updates” so that users don't have to wait too long for updates if vulnerabilities appear between larger update packages. The advantage of BSIs is also that they usually only require a short reboot of the devices – sometimes none at all – which is usually faster than a normal restart.

Videos by heise

The vulnerability now closed doesn't seem extremely critical at first glance: it's about preventing malicious websites from circumventing the so-called Same Origin Policy. This could allow access to data in other browser windows or tabs. Whether this has already happened is unclear. At least Apple does not mention any “known reports” in its release notes, as is the case with existing exploits.

Where to find the BSIs

The problem: Apple relies on a different distribution infrastructure, and BSIs can even get lost. Instead of under “General” and “Software Update,” like normal updates, BSIs are found under “Privacy & Security.” There, you have to scroll all the way down to “Background security improvements” (German term for BSIs). Here you can activate “Install Automatically,” although as mentioned, this did not happen in our tests – it can take time, as Apple takes several days for this.

Otherwise, every new BSI that you then have to click to install appears here – after entering the PIN. The installation itself is quite fast, as mentioned. Why Apple doesn't simply list BSIs in the “Software Update” section remains unclear.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(bsc)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten