Apple is updating its Macs to guard against hackers taking control — the first time a Mac update has been sent out automatically without requiring your permission.
The automated security update protects Apple laptops and desktops from newly discovered security vulnerability CVE-2014-9295, which affects OS X and other Linux and Unix distributions.
Speaking to Reuters, Apple spokesperson Bill Evans described Monday’s update as “seamless” and noted that Mac users don’t even need to restart their computers.
Apple isn’t the only company that could be vulnerable to the security bug, which was revealed Friday by the US Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute. Researchers warn that vulnerabilities in a computer’s network time protocol (NTP), which sync a computer’s clocks, could allow hackers to take control of a computer remotely.
“Apple’s proactive steps to automatically remediate this particular vulnerability shows the need to quickly patch remotely exploitable vulnerabilities,” says security analyst Ken Westin of Tripwire. “However, the use of Apple’s automatic deployment tool is not without risks, as even the simplest update can cause problems for some systems. In this case the update may have been so minor the risk of affecting other applications and processes was minimal.”
Previously, Apple’s security updates have required a computer user to accept the update. The company has actually had a method to automatically update computers for two years but is only now using it for the first time.
What if someone doesn’t want automatic updates? Westin advises: “If you have a Mac system where an automatic update might introduce a problem — or you are the paranoid type — it can be disabled by going to the Apple Menu > System Preferences > App Store and unchecking Install system data files and security updates.”
Apple did not immediately respond to CNET’s request for comment.