Apple recently pushed through an OS X update to repair a security flaw, which may seem like nothing new. However, for the first time ever, they did it automatically, without even letting users know. Why? Because they felt the security issue was too serious to wait for consumers to patch it on their own. The update was to fix a breach in NTP (Network Time Protocol) that would have allowed hackers the opportunity to turn Macs into DDoS minions. Notably, the OS X security update was implemented transparently, meaning users didn’t need to restart their devices for it to take effect.
Are You at Risk?
Vulnerabilities were discovered in the NTP by technicians a few weeks ago, which would allow attackers to execute a malicious code on a remote system. It appears that millions of computers, including Macs running OS X 10.8, 10.9 and 10.10, would have been susceptible. Apple decided it was a good opportunity to test OS X’s automatic silent repair mechanism for the first time, although it has been present for at least a few years.
The Silent Update
The update on OS X is seamless; in fact, the first a user will know of it is after it’s already been complete is when your system will receive a confirmation box telling you the update was a success. If you want to be proactive in protecting your system, though, you can manually download the update from the Mac App Store.
While Microsoft has had the ability to silently update for some time, it’s very rare that they actually use it. Windows/Microsoft prefers to download the updates automatically and then install them at a more opportune moment, such as during a restart or shutdown. This may be because installing an update while a system is running can be somewhat risky, especially if a user is in the middle of an important task when the update starts taking place.
Clearly Apple thought the NTP vulnerability was a serious enough threat that it was a necessary installation.
To learn more about network updates, threats, and system security, contact On Time Tech. We’ll answer any of your questions and help you ensure your IT systems are safe. For more information, reach out to us via e-mail at email@example.com or speak with us over the phone at (415) 294-5250.