Mac being updated with security fix for NTP flaw, automatically for the first time
Apple recently pushed out an automated security update to Mac computers for the first time ever, patching several critical security flaws that were recently uncovered in the network time protocol (NTP).
Though Apple had introduced the technology for delivering automated security updates to its OS two years ago, but it hadn’t been used until this week.
In this case, Apple spokesman Bill Evans told Reuters, the company wanted to protect customers as quickly as possible due to the severity of the vulnerabilities. “The update is seamless,” Evans said. “It doesn’t even require a restart.”
The NTP vulnerabilities were discovered by Google Security Team researchers Neel Mehta and Stephen Roettger, and were detailed in a recent alert from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and are published on Techworm here.
Such automatic updates are overwhelmingly useful to the users, who normally take a while to update their machines. This may be due to many of reasons but is mostly due to the bugs present in the updates which make users wary of updating their machines. The recent fiascos by Microsoft’s in releasing buggy updates under its Patch Tuesday program and Azure cloud service haven’t exactly helped boost the user confidence.
Similar views were voiced by Tripwire senior security analyst Ken Westin to Infosecurity Magazine. “Apple’s proactive steps to automatically remediate this particular vulnerability shows the need to quickly patch remotely exploitable vulnerabilities,” Westin said. “However, the use of Apple’s automatic deployment tool is not without risks, as even the simplest update can cause problems for some systems.”
For those users who hate such unasked auto-updates or concerned about the potential impact of automatic updates should disable them by clicking on the Apple Menu, choosing App Store, and then unchecking ‘Install system data files and security updates.’