Credit: Krivosheev Vitaly/Shutterstock
Yesterday (Dec. 22), Apple pushed a initial imperative refurbish for OS X: a patch for a critical bug in a Internet-standard Network Time Protocol. Attackers could feat a smirch to remotely run formula on someone else’s mechanism or server, effectively seizing control.
Until now, Mac owners have always had to determine to any refurbish before it was installed. Yesterday was a initial instance in that Apple used a ability to send out imperative program updates. This sold patch doesn’t need a mechanism restart.
Network Time Protocol (NTP), initial tangible in 1985, is a custom for syncing time on networked machines all opposite a world. It’s used in many computers and servers, not usually in Apple’s OS X systems.
The smirch in question, strictly designated CVE-2014-9295, has to do with a buffer-overflow issue. An assailant could send a specifically crafted antagonistic parcel to a mechanism with a exposed chronicle of NTP, and that parcel would be means to run a antagonistic formula with a same privileges as a legitimate NTP packet.
Exploits for this newly rescued NTP smirch do exist, though Apple says it has not rescued any instances of people exploiting a flaws on an OS X system.
Nevertheless, after a smirch was disclosed by Google researchers final week, Apple motionless to pull out a confidence refurbish for OS X Mountain Lion, Mavericks and Yosemite in such a approach that users wouldn’t have to manually approve it for it to download. Apple gave itself a ability to pull out imperative updates dual years ago.
If we unequivocally don’t like a thought of Apple pulling involuntary updates to your computer, we can invalidate a underline by going to a Apple Menu, afterwards System Preferences, afterwards a App Store. Uncheck “Install complement information files and confidence updates.”
- How to Protect Yourself from Data Breaches
- 12 Security Mistakes You’re Probably Making
- Best Antivirus Software
Jill Scharr is a staff author for Tom’s Guide, where she frequently covers security, 3D copy and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, onFacebook and on Google+.