“Apple Inc has pushed out its first-ever automated security update to Macintosh computers to help defend against newly identified bugs that security researchers have warned could enable hackers to gain remote control of machines,” Jim Finkle reports for Reuters.
“The company pushed out the software on Monday to fix critical security vulnerabilities in a component of its OS X operating system called the network time protocol, or NTP, according to Apple spokesman Bill Evans.NTP is used for synchronizing clocks on computer systems,” Finkle reports. “When Apple has released previous security patches, it has done so through its regular software update system, which typically requires user intervention.”
“The company decided to deliver the NTP bug fixes with its technology for automatically pushing out security updates, which Apple introduced two years ago but had never previously used, because it wanted to protect customers as quickly as possible due to the severity of the vulnerabilities, Evans said,” Finkle reports. “‘The update is seamless,’ he said. ‘It doesn’t even require a restart.'”
Read more in the full article here.
Cool, did they include a free U2 album with that??
It didn’t auto update for me. I clicked install. Does it only do these things every hour or something? Perhaps I just happened to be in the App Store app before it had chance to.
I’m checking on my 4th Mac and none of them updated themselves, either.
Make sure you turn off automatic updates, people, if you don’t want it to update automatically. I’m guessing this falls under the “Install system data files and security updates” checkbutton in the App Store System Preferences pane.
Of course, who knows if that checkbutton works. On one of the Macs that button was checked and it didn’t install this update. ???
I don’t like it. What if down the road they push an update that disables our computers? It could easily be used for that. And with the govt we have who knows what they will demand
Down the road?? That kind of thing is already in your rear-view mirror. It just hasn’t turned on it’s headlights and hit your bumper yet.
OMG… This paranoia!
What if you just had enough dope?
… and now my step-daughter’s e-mail is behaving strangely. She is a member of a group that uses e-mail and when she tries to delete a recipient’s name, it, instead, multiplies the name ~25 times causing multiple sends to a “bad” address.
That, and on occasion it will blank the screen for a bit.
I got the update on Yosemite. It was dream like. I saw the notification in the upper right hand corner. Then went to App Store Updates, and nothing was listed.
On Mavericks, the update was manual and listed.
AHA! Thank you Gollum. As I point out below, there was nothing automatic in Mavericks.
Mine updated automatically. I would have accepted it voluntarily, not sure this was the way to go.
I have a couple of old Lion macs still in use (one Mac mini behind tv). Are they vulnerable to this security exploit?
I would say yes.
I primarily use the Mountain Lion partition on my Mac mini and the update happened automatically.
I was in Safari with four tabs open and it was behaving sluggishly, then quit unexpectedly… when I relaunched. I got that pop up window requesting I send info to Apple. I did, then it quit again.
I was rather concerned, thinking I had picked up something from one of the sites I was checking. Sometime after launching Safari again, I noticed the little window about the security update. As that type of notification had never occurred before, I was a bit concerned about that also… thinking it might be some sort of cover for a malware install.
Needless to say, I’m glad to know what it was. Although, I am a bit concerned as I do not have automatic update turned on. And I’m not happy about it playing havoc with Safari.
MacCowboy: I’ve been trying for several days to sort out the state of NTP on 10.7.5 and lower. All that has been said is that “all versions of ntp prior to 4.2.8” are vulnerable. Sadly, that number has NOTHING to do with Apple’s own numbering scheme for NTP, causing confusion. But I have to assume, despite this bizarre statement, that YES! 10.7.5 and less ARE vulnerable.
My response on the 10.7.5 Lion MacBook I maintain is to turn OFF NTP. (Check OFF ‘Set date and time automatically’ in the Date and Time system preferences.
I wish I had something actually solid to state about the matter. But so far I’ve found nothing, apart from the odd quote above.
Test
I’d say this is fine for massively urgent, quick security patches, but they really shouldn’t start doing this too much – certainly not for OS updates.
It was kinda cool (and convenient) to just be told that everything had been sorted automatically though – and without a restart, too!
WHAT?!
1) XProtect, Apple’s anti-malware system, has been automatically updated for YEARS!
2) I received a notice at about the NTP update via both email and notifications AND I went to the App Store app and installed it MYSELF.
Is this guy high? (o_O) º º º
AHA! Gollum points out above that only OS X 10.10.1 Yosemite auto-updated NTP. It was a manual install on Mavericks and Mountain Lion.