The Cupertino, Calif.-based tech giant pushed out a security update yesterday that didn’t need your help.
Mac users, myself included, have long felt our machines we’re nearly invincible with regards to viruses and hacking. That is, of course, a naive outlook and far from accurate. Yesterday, for the first time, the company rolled-out a security update to close a hole the called CVE-2014-9295 which could allow outsiders to gain control of computers running OS X and other Unix and Linux-based operating systems.
What makes this patch unique is the fact that the company did so without letting users know in advance. Rather, it was what Apple spokesperson Bill Evans called “seamless” when speaking to Reuters adding that the patch it sent didn’t even require a restart.
On Friday last week, the Carnegie Mellon University Software Engineering Institute and the United States’ Department of Homeland Security announced the presence of this flaw in OSX saying that hackers could take control of certain Apple computers by utilizing a vulnerability in the computer’s network time protocol (NTP), which keeps users’ clocks properly synced.
“Apple’s proactive steps to automatically remediate this particular vulnerability shows the need to quickly patch remotely exploitable vulnerabilities,” security analyst Ken Westin of Tripwire told CNET. “However, the use of Apple’s automatic deployment tool is not without risks, as even the simplest update can cause problems for some systems. In this case the update may have been so minor the risk of affecting other applications and processes was minimal.”
Apple joins Microsoft
Microsoft has been pushing automatic updates for some time now but Monday’s update is the first time that Apple has followed suit despite the fact that they have had the ability to automatically update OS X for a couple of years.
Clearly Apple felt that this particular flaw was enough to warrant this change in policy. For users that just aren’t a fan of automatic updates, it requires only a simple trip to the System Preferences section of the App Store to disable the automatic installation of security updates in the future.