Apple has pushed out its first-ever automated security update to Macs to help defend against newly identified bugs that security researchers have warned could enable hackers to gain remote control of machines.
The company pushed out the software to fix critical security vulnerabilities in a component of its OS X operating system called the network time protocol (NTP), according to Apple spokesman Bill Evans. NTP is used for synchronising clocks on computer systems.
The bugs were made public in security bulletins over the weekend by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute. Carnegie Mellon identified dozens of technology companies, including Apple, whose products might be vulnerable.
According to Apple's support page, the vulnerability could allow an attacker to remotely run code on a user's system.
"Impact: A remote attacker may be able to execute arbitrary code.
"Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking."
When Apple has released previous security patches, it has done so through its regular software update system, which typically requires user intervention.
The company decided to deliver the NTP bug fixes with its technology for automatically pushing out security updates, which Apple introduced two years ago but had never previously used, because it wanted to protect customers as quickly as possible due to the severity of the vulnerabilities, Evans said.
"The update ... doesn’t even require a restart," he said.
Apple does not know of any cases where vulnerable Mac computers were targeted by hackers looking to exploit the bugs, Evans said.