Subscribe

Apple pushes out its first-ever automated security update

Apple automatically updated Macs this week to patch a security hole in OS X. It's the first time Apple has ever automatically applied a security update, though it's had the ability to do so for two years.

  • close
    Apple pushed its first-ever automatic security update for OS X this week. Here, shoppers walk outside an Apple store in Washington, D.C.
    James Lawler Duggan/Reuters
    View Caption
  • About video ads
    View Caption
of

Your Mac might have been updated this week without you even knowing it.

Apple wanted to patch a security hole as quickly as possible before hackers took advantage of it. The security update was the first Apple has ever sent out without first requiring users’ permission to install.

Apple spokesman Bill Evans told Reuters the update was “seamless” and that users didn’t even need to restart their computers.

Recommended: 10 weird things your iPhone can do

The security hole affects Linux and Unix systems, including Mac OS X. A bug in the network time protocol (NTP) that keeps computer clocks in sync could have allowed hackers to gain control of a computer. The bug was uncovered last Friday by researchers at Carnegie Mellon University and the US Department of Homeland Security. The security bulletin announcing the bug said it could “allow attackers to overflow several buffers in a way that may allow malicious code to be executed.”

Apple says it’s not aware of any cases where the security hole was actually used by hackers to gain access to anyone’s computer. Presumably, the automatic update helped to quickly patch the vulnerability: relying on users to manually install a security patch would take longer, giving attackers more time to exploit the bug.

It’s worth mentioning that OS X has had a method for automatically applying security updates since 2012 – it’s just that Apple had never used that method until now. Seamless updates allow the company to quickly patch security vulnerabilities, although there’s a small risk that any update could cause problems for certain users, if it conflicts with other applications they’re using.

Mac users who don’t want to receive automatic updates can go to their System Preferences and, under the App Store section, uncheck the option labeled “Install system data files and security updates.” (You probably shouldn’t do this unless you know Apple’s security updates might make things buggy on your machine, or unless you’re really concerned about having manual control over security updates.)

This vulnerability was particularly severe, Mr. Evans told Reuters, which is why Apple chose not to patch it through its regular software update system. That system was used back in February to fix “Gotofail,” a bug on Macs and iOS devices that could have allowed an attacker to monitor user activity on a wireless network. The bug stemmed from an extra line in Apple’s source code, and hackers could have used it to nab e-mails or even banking information. Apple issued a patch for the bug, and enough people downloaded the update that Mr. Evens says no one’s communications were intercepted.

About these ads
Sponsored Content by LockerDome
 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK