Apple pushes out its first-ever automated security update

Apple automatically updated Macs this week to patch a security hole in OS X. It's the first time Apple has ever automatically applied a security update, though it's had the ability to do so for two years.

James Lawler Duggan/Reuters
Apple pushed its first-ever automatic security update for OS X this week. Here, shoppers walk outside an Apple store in Washington, D.C.

Your Mac might have been updated this week without you even knowing it.

Apple wanted to patch a security hole as quickly as possible before hackers took advantage of it. The security update was the first Apple has ever sent out without first requiring users’ permission to install.

Apple spokesman Bill Evans told Reuters the update was “seamless” and that users didn’t even need to restart their computers.

The security hole affects Linux and Unix systems, including Mac OS X. A bug in the network time protocol (NTP) that keeps computer clocks in sync could have allowed hackers to gain control of a computer. The bug was uncovered last Friday by researchers at Carnegie Mellon University and the US Department of Homeland Security. The security bulletin announcing the bug said it could “allow attackers to overflow several buffers in a way that may allow malicious code to be executed.”

Apple says it’s not aware of any cases where the security hole was actually used by hackers to gain access to anyone’s computer. Presumably, the automatic update helped to quickly patch the vulnerability: relying on users to manually install a security patch would take longer, giving attackers more time to exploit the bug.

It’s worth mentioning that OS X has had a method for automatically applying security updates since 2012 – it’s just that Apple had never used that method until now. Seamless updates allow the company to quickly patch security vulnerabilities, although there’s a small risk that any update could cause problems for certain users, if it conflicts with other applications they’re using.

Mac users who don’t want to receive automatic updates can go to their System Preferences and, under the App Store section, uncheck the option labeled “Install system data files and security updates.” (You probably shouldn’t do this unless you know Apple’s security updates might make things buggy on your machine, or unless you’re really concerned about having manual control over security updates.)

This vulnerability was particularly severe, Mr. Evans told Reuters, which is why Apple chose not to patch it through its regular software update system. That system was used back in February to fix “Gotofail,” a bug on Macs and iOS devices that could have allowed an attacker to monitor user activity on a wireless network. The bug stemmed from an extra line in Apple’s source code, and hackers could have used it to nab e-mails or even banking information. Apple issued a patch for the bug, and enough people downloaded the update that Mr. Evans says no one’s communications were intercepted.
