Checklist 449: Background Improvements and a Meta Warning

Apple Revives Silent Security Patching With “Background Security Improvements”

Apple is rolling out a revived approach to silent security patching in iOS 26.1, iPadOS 26.1, and macOS 26.1 with a feature called Background Security Improvements — a system that installs certain security fixes automatically and quietly.

According to Cult of Mac, the feature allows Apple to apply “lightweight security releases” for Safari, WebKit, and other core system libraries without requiring the user to do anything — or even be aware of the update. Apple’s goal: keep more devices secure between major updates, especially since many users delay software upgrades.

The approach may feel familiar. Computerworld notes that Apple previously attempted something similar with Rapid Security Responses in 2023 — a fast-patch system that was quietly abandoned after reports of bugs, broken websites, installation failures, and unexpected system alerts. The publication assumes those issues have been resolved as Apple reintroduces the concept under a new name.

Enabled by default, Background Security Improvements are expected to benefit average users and IT departments alike by closing vulnerabilities as soon as they’re identified. However, Computerworld cautions that organizations running custom apps or using MDM configurations may prefer to disable the feature to prevent compatibility issues.

SecureMac recommends that most users keep the feature turned on, aligning with long-standing advice to enable automatic updates for improved safety with minimal disruption.

Users can find the toggle under Settings → Privacy & Security → Background Security Improvements on iPhone, iPad, and Mac. Apple notes that in rare cases, patches may be temporarily removed if compatibility problems arise, then restored in future updates.

Internal Documents Reveal Meta Earns Billions From Scam Ads, Raising Safety Concerns Ahead of Holiday Shopping

As the holiday shopping season ramps up, security experts are warning consumers to avoid making purchases through Meta platforms like Facebook and Instagram — not because the apps are obscure, but because they’re dangerous.

According to a Reuters investigation, internal Meta documents show the company expected 10% of its 2024 annual revenue — roughly $16 billion — to come from fraudulent advertisements. These ads often promote illegal gambling, phoney investments, and nonexistent products, targeting unsuspecting users who may end up paying for items that never arrive.

The documents also reveal that Meta spent three years failing to protect users from these scams, even as it built systems to determine how suspicious an ad campaign might be. But instead of blocking high-risk ads unless it was 95% certain they were fraudulent, Meta often chose another path: charging suspected scammers more money to advertise. As TechCrunch notes, this creates a perverse incentive where Meta profits even when it believes an ad is probably a scam.

Worse still, Meta’s ad-personalization engine can make the problem snowball. Users who click on one scam ad are likely to be shown more, thanks to algorithms designed to reinforce “interests.”

While Meta insists it’s working to reduce scam exposure, Reuters reports the company has placed strict limits on how much revenue it is willing to lose in the process. In early 2025, the team responsible for blocking questionable advertisers was prevented from taking actions costing Meta more than 0.15% of revenue — about $135 million out of the company’s $90 billion revenue for the period.

Rather than eliminating fraudulent ads quickly, Meta leadership reportedly opted for a gradual reduction plan:

• From 10.1% of total revenue in 2024
• To 7.3% by the end of 2025
• To 6% in 2026
• And 5.8% in 2027
  

For consumers, this means the danger isn’t theoretical. Many ad campaigns the company suspects are scams are still being shown — because the advertisers paid enough.

Security analysts advise treating yourself to a safer holiday season by avoiding all shopping conducted through Meta’s ad ecosystem. While not every ad is a scam, the platforms’ tolerance for high-risk ads makes it nearly impossible for the average user to know which ones are safe.