Mac users may not have noticed, but Apple pushed out a security update yesterday. Users of Apple’s desktop or laptop systems which do not pay attention to their notification center may have missed the fact that their system has been updated. This is because, as reported by the BBC, for the first time Apple applied the update automatically.
In the past, Apple has released security patches through its regular software update system which is only applied through an app store update requiring user approval. The Mac bugs were mentioned in security bulletins issued last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute.
The vulnerability targets a component of Apple’s OS X operating system called the network time protocol (NTP) which is used for synchronizing clocks on computer systems.
The protocol is a global method of synchronizing time over a network and has previously been exploited by hackers.
Apple spokesman Bill Evans told Reuters that
“The company decided to deliver the NTP bug fixes with its technology for automatically pushing out security updates, which Apple introduced two years ago but had never previously used, because it wanted to protect customers as quickly as possible due to the severity of the vulnerabilities.” Evans went on to say
“The update is seamless; It doesn’t even require a restart.”
This bug is the latest in a series of security vulnerabilities affecting Apple systems. The Apple systems have traditionally been relatively immune from the type of security breaches and viruses that have plagued generations of Microsoft Windows users. Earlier this year the Telegraph reported that Apple’s iCloud had been subject of a cyber attack. This ultimately lead to embarrassing photographs of celebrities being leaked to the internet.
In November, the Guardian reported that a Swedish computer hacker had identified two vulnerabilities in Apple’s Desktop and mobile operating systems. The first, known as Rootpipe, potentially affected multiple versions of Apple’s Mac OS X, including the newest release, Yosemite. It lets an attacker gain “root” control of a computer. The second Apple vulnerability is known as ‘Wirelurker’ and has been around for some time. Ryan Olson, the intelligence director of Palo Alto Networks, who discovered the malware said
“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware, “The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”
In February 2014, a major SSL vulnerability in iOS and OS X and an iOS flaw that allows malicious apps to record touchscreen presses brought a maelstrom of criticism and scrutiny down on Apple.
These latest vulnerabilities are further proof, if anywhere needed, that users of Apple products can no longer be complacent about cyber security.
[Image – BBC News]