Critical flaw forces Apple to push first automatic OS X security update


A critical security issue in the network time protocol (NTP) has prompted Apple to push an automatic OS X update for the first time ever. Google researchers discovered the flaw which could allow a remote attacker to “send a carefully crafted packet that can overflow a stack buffer and allow malicious code to be executed.” NTP is a common protocol that’s been successfully hacked before, so the security hole could result in remote DDoS attacks on many UNIX-based systems, including Linux servers and OS X. The US government deemed it serious enough to flag it, and at first Apple advised users of Yosemite, Mountain Lion and Mavericks to update “as soon as possible.” However, several years ago it introduced an automatic OS X update system that requires no user action, and decided to deploy it for the first ever. An Apple spokesman told Reuters “the update is seamless. It doesn’t even require a restart.”


Leave a Reply