Snippet: What Are Rapid Security Responses and Why Are They Important? ☇

Adam Engst with a great explainer:

So what’s a Rapid Security Response, and why are we seeing them now? Apple’s goal is to distribute important security fixes to users more quickly and encourage faster adoption, particularly when a vulnerability is being exploited in the wild. […]

Apple’s solution is to move components likely to need updating—Safari and its underlying WebKit foremost among them—outside of the Signed System Volume. That makes them easier to update but also more vulnerable. To maintain security for such external components, Apple introduced special disk images called cryptexes (cryptographically signed extensions). There’s almost no documentation of cryptexes apart from Howard Oakley’s exploration, where he says they’re stored on the Preboot volume and loaded early in the boot process, when they’re grafted into the parent file system such that their contents effectively become part of the system.