It is a discreet new feature of macOS Ventura and iOS 16, but one that will become a pillar of these systems' security: Apple will be able to push fixes that apply automatically, without the Mac, iPhone or iPad having to restart, unlike classic updates.
Vulnerabilities can therefore be closed more quickly, without the user lifting a finger or waiting in front of their machine to be protected. “Big” updates that add new features will still require a restart, however.
“Rapid” security updates on iOS 16 and macOS Ventura
Technically speaking, Apple is relying on a feature introduced with macOS Catalina. System files are stored on a separate, read-only partition, Macintosh HD. User data lives on another partition, Macintosh HD - Données (Macintosh HD - Data on an English-language system), which is of course readable and writable. Both partitions are part of the same APFS container and resize on the fly as needed.
macOS Catalina: the system installed on a read-only partition
However, it was still possible, by disabling SIP, to mount the Macintosh HD partition and make changes to it; when the Mac restarted, though, the volume simply reverted to read-only. With macOS Big Sur, Apple added a further safeguard: the signed system volume (SSV) that holds the OS will not boot if macOS detects that its files have been altered.
Until now, when a new version of macOS is installed, the SSV is mounted in the background, the files are updated, and a new cryptographic signature is then generated for verification, together with an APFS snapshot of the system state. With these pieces in place, the Mac can restart without problems.
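As an added example (not from the original article), a small Python check of the posture the passage describes: it parses the output of `mount` and `csrutil authenticated-root status` to confirm that the boot volume is a sealed, read-only signed system volume with verification enabled. The sample outputs are constructed to match the commands' format; the device names are placeholders.

```python
import re

# Constructed sample of `mount` output on a Big Sur-or-later Mac, reproducing
# the format the command prints; the /dev/disk* names are placeholders.
SAMPLE_MOUNT = """\
/dev/disk3s1s1 on / (apfs, sealed, local, read-only, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk3s6 on /System/Volumes/VM (apfs, local, noexec, journaled, noatime, nobrowse)
/dev/disk3s5 on /System/Volumes/Data (apfs, local, journaled, nobrowse, protect)
"""

# Constructed sample of `csrutil authenticated-root status`.
SAMPLE_CSRUTIL = "Authenticated Root status: enabled\n"

MOUNT_RE = re.compile(r"^(?P<dev>\S+) on (?P<mnt>\S+) \((?P<opts>[^)]*)\)$")

def parse_mount(text):
    """Return {mountpoint: set(options)} for each line of `mount` output."""
    table = {}
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            table[m.group("mnt")] = {o.strip() for o in m.group("opts").split(",")}
    return table

def authenticated_root_enabled(text):
    """True when csrutil reports that SSV (authenticated root) verification is on."""
    m = re.search(r"Authenticated Root status:\s*(\w+)", text)
    return bool(m) and m.group(1).lower() == "enabled"

def ssv_posture(mount_text, csrutil_text):
    """Summarise whether the boot volume is a sealed, read-only SSV.
    Returns (ok, findings); findings lists anything that weakens the posture."""
    findings = []
    root = parse_mount(mount_text).get("/")
    if root is None:
        findings.append("root volume not found in mount output")
    else:
        if "sealed" not in root:
            findings.append("root volume is not sealed")
        if "read-only" not in root:
            findings.append("root volume is mounted writable")
    if not authenticated_root_enabled(csrutil_text):
        findings.append("authenticated root (SSV verification) is disabled")
    return (not findings, findings)

if __name__ == "__main__":
    ok, findings = ssv_posture(SAMPLE_MOUNT, SAMPLE_CSRUTIL)
    print("OK" if ok else "WEAK", findings)
```

On a real Mac, feed the script the live output of the two commands instead of the constructed samples; a writable or unsealed root, or a disabled authenticated-root status, is exactly the state the SSV is meant to rule out.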
To install its future security updates without restarting, macOS Ventura relies on “cryptex” disk images, as the site Threedots explains. The system sees them as extensions of the existing volume.
For the user it is entirely transparent and even painless, since the machine does not even need to restart. For Apple, the new mechanism strengthens the security architecture of its operating systems. It remains to be seen how often the company intends to use it, and whether it will affect the rhythm of traditional maintenance updates.