The Security Updates for the iPhone can be Rolled Back by Apple.

The Security Updates for the iPhone can be Rolled Back by Apple.

But don't do that unless you have a really excellent cause.

The Rapid Security Response feature in iOS 16 can deploy security patches without requiring you to fully upgrade your iPhone; Apple will let you delete such patches (or even without having to restart it, in some cases). You may uninstall a Rapid Security Response update by heading to Settings > General > About, pressing on the iOS Version, and then following the instructions in the support page discovered by MacRumors. From there, a "Remove Security Update" button will be displayed to you.

There are no explanations in the document as to why you may want to uninstall a patch, leaving your phone vulnerable to the flaw it is supposed to guard against. It's simple to think of a few unique situations where the capability may be helpful, such as if one accidentally messes up some unique work-related software or management tools. Similar to the new severe Lockdown Mode, which is included to protect users from "very sophisticated" targeted cyberattacks, it's one of those tools that most people should definitely never use unless they have a very specific reason and completely understand what they're doing.

Rapid Security Response is enabled by default, however you can disable the updates by switching off "Security Responses and System Files" in Settings > General > Software Update > Automatic Updates. If you do this, the security patches won't be available until after full iOS updates. Again, given how many of Apple's recent releases have fixed rather major flaws, I'd personally advise against disabling the feature unless you have a specific reason to.

As of now, Apple's support materials for its desktop OS don't say whether you'll be able to roll back those upgrades as well. The system is also coming to macOS in Ventura, which hasn't yet been formally announced.

Security holes are typically alarming but less urgent because only Apple and outside parties are aware of them, or at the very least are aware of how to exploit them. It's crucial to update rapidly, but it's not always a life-or-death situation. It turns out, though, that one of these weaknesses is a zero-day with a publicly available exploit. According to Apple, the company is "aware of a report that suggests that this issue may have been deliberately exploited." If it's true, it implies someone out there is aware of how to exploit this weakness against you, thereby endangering your iPhone, iPad, and Mac.

The aforementioned vulnerability, designated as CVE-2022-32917, enables malicious users to run arbitrary code with kernel privileges. In other words, malevolent people could run whatever code they wanted on your system and completely take over the machine. Because of this, it's critical that you update your devices as soon as you can.

Back to blog