To help us provide you with free impartial advice, we may earn a commission if you buy through links on our site. Learn more

Apple issues first ever automatic security update for Macs


Apple forced to use emergency patch system to fix critical bug

Apple has deployed its first ever automatic security update for OS X, following the discovery of a critical flaw in the operating system. The vulnerability in the network time protocol (NTP) could potentially allow hackers to gain remote control of a Mac, forcing Apple to act. 

The company normally issues security fixes as part of the regular OS X software update. However, two years ago, Apple introduced an automatic security update system that could implement patches without any user intervention. This is the first time the system has been used. 

Read our review of the latest 13in MacBook Air here

The NTP flaw was highlighted in a security bulletin posted by CERT – the US Computer Emergency Readiness Team – on Friday. It warns of a buffer overflow flaw in an older version of NTP that could “allow a remote unauthenticated attacker to execute arbitrary malicious code”. The fix is to update to the latest version of NTP, which is presumably what Apple did with the emergency patch that was sent out to OS X users on Monday. 

Apple, which rarely comments on security matters, told Reuters that “the update is seamless” and “doesn’t even require a restart”, suggesting most users will have been patched without even knowing about it. 

Apple isn’t the only company that may suffer because of the flaw. CERT lists practically every major technology company on its list of potential victims, including Microsoft, Google and security firm Symantec, although like Apple, CERT says it is “unknown” whether their products will have problems.

Security is one of the chief selling points of Apple’s OS X. The company has run attack ads in the past, comparing the security records of OS X with Windows, which is a more common target for malware writers, principally because it has a far larger user base. 


Read more