Apple Pushes First Automatic Update For Mac OS X
Apple has pushed its first automatic update to Mac OS X users, after Google researchers reported a serious bug on the Network Time Protocol (NTP).
The bug, named CVE-2014-9295, allows an attacker to send a malicious packet to a vulnerable version of NTP, gaining the same privileges as an authorized version of NTP.
Like Us on Facebook
The privileges given to the NTP would allow a hacker to run malicious code remotely on a computer or server, capable of taking over the machine or system.
Google researchers spotted the flaw a week ago, and while Apple claims no exploits have been spotted on Mac OS X, the automatic update shows the seriousness of the flaw, if a hacker creates an exploit.
NTP is the global standard for internet-time, and syncs up all times from around the globe to under a second. Microsoft and other platform owners should also update their systems, to make sure no vulnerabilities are attacked.
Apple changed its terms of service on OS X two years ago, allowing it to send automatic updates, this is the first time Apple has used this privilege.
OS X Mountain Lion, Mavericks and Yosemite received the automatic update, any Mac users on older versions will still run the risk of vulnerabilities on NTP, and may not be able to update.
Unlike Microsoft, Apple has most of its Mac users on the latest OS X update. In 2013, Apple made Mac OS X updates free for all Mac owners, drawing in millions of users who would have not updated their OS.
It is not the first internet-standard to have flaws exposed in 2014, SSL (Secure Socket Layers) also fell to a malicious bug, codenamed 'HeartBleed', allowing hackers to bypass SSL security on the web.
Google set up its own research group a few months ago, to make sure these issues would be taken care of, before hackers found the vulnerabilities.