BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

UK And Germany Double Down On Joint AI, Clean Energy R&D Efforts
Decarbonizing Heavy Transportation: Quantron's Michael Perschke On Pioneering Hydrogen Solutions
Bridging The Digital Divide In The AI Era - The UNDP Way
Big Tech Ramps Up Content Moderation Amid EU Pressure
Spain's Successful Miura 1 Launch Reignites Europe's Hopes For Space Exploration
UNESCO And The Netherlands Launch Initiative To Ensure Ethical Oversight Of AI
Edit Story
ForbesInnovationConsumer Tech

Why Apple Pushed Its First Automatic Mac OS X Security Update This Week

Amit Chowdhry
Former Contributor
Opinions expressed by Forbes Contributors are their own.
Tech enthusiast, born in Ann Arbor and educated at Michigan State
This article is more than 9 years old.

Earlier this week,  Apple pushed its first automatic security update to Mac users. The security update plugged a vulnerability in the OS X operating system connected to the network time protocol (NTP). Security experts discovered that the vulnerabilities in the NTP could have been exploited by hackers to gain remote control of Mac computers. The network time protocol is used to synchronize clocks on Mac computers.

Hypothetically, remote hackers could have used the NTP vulnerability to send packets of data that overflows stack buffers and allows malicious code to be executed. The Apple software update was sent out without requiring users to accept the changes. However, Apple sent notifications to users that successfully received the security update. Restarting the computer was not necessary for users to install the security update.

Apple issued the security update after information about the vulnerabilities were published by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute, according to Reuters. Neel Mehta and Stephen Roettger of the Google Security Team originally discovered the vulnerability, which was reported to the Industrial Control Systems Cyber Emergency Response Team. The security vulnerability, known as CVE-2014-9295, also affects the Linux and Unix operating systems.

The issue affects operating systems that runs NTP4 prior to 4.2.8, according to Ars Technica. When Apple launched the Snow Leopard operating system in 2009, they also created a database of malware definitions on Macs that prevents users from installing viruses. This feature is called File Quarantine (also known as XProtect).

Apple developed an automatic patching system a couple of years ago, but it was not used until the NTP issue came up. Apple generally asks for permission from the user to update their operating system. Apple said that it has not received any reports of an incident where a Mac computer was targeted by hackers due to the NTP vulnerability. If you do not want to receive automatic updates, you can go to Systems Preferences —> App Store —> uncheck “Install system data files and security updates.”

Amit Chowdhry
Amit Chowdhry