Apple Pushes First Automated Security Update for Mac

Apple SecurityMac users this week received Apple’s first automated security update, which was released to defend against newly identified bugs that could allow hackers remote access.

According to Reuters, the tech giant launched the updated on Monday to fix “critical security vulnerabilities” in OS X’s network time protocol (NTP), which is used for syncing computer clocks.

The flaws were revealed last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute—the latter of which identified a number of potentially affected vendors, including FreeBSD Project, NTP Project, OmniTI, and Watchguard Technologies, Inc.

A number of versions of the NTP Project “allow attackers to overflow several buffers in a way that may allow malicious code to be executed,” the Carnegie Mellon/DHS security bulletin said.
Apple, AT&T, Alcatel, Belkin, and a handful of others are currently listed as “unknown.” But Cupertino has applied an update, which an Apple spokesman told Reuters is “seamless,” and “doesn’t even require a restart.”

The company’s typical security patches come through Apple’s regular software update system, and often require users to move through a series of steps before installing. This week’s update, however, marks Cupertino’s first implementation of its automated system, despite having introduced the function two years ago, Reuters said.

Apple did not immediately respond to PCMag’s request for comment, but told Reuters it has not identified any cases in which the vulnerability was exploited by hackers.

Earlier this year, Apple fixed the “gotofail” SSL security hole, which had been fixed in its mobile iOS devices only a week before. Few details were revealed about the flaw, which experts said hackers could use to launch man-in-the-middle attacks to intercept messages passed from a user’s device to sites like Google, Facebook, and online banking.