Apple Pushes First Automated OS X Security Update

PC Magazine reports (as does Ars Technica) that Apple this week has pushed its first automated security update, to address critical flaws relating to Network Time Protocol: The flaws were revealed last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute—the latter of which identified a number of potentially affected vendors, including FreeBSD Project, NTP Project, OmniTI, and Watchguard Technologies, Inc. A number of versions of the NTP Project "allow attackers to overflow several buffers in a way that may allow malicious code to be executed," the Carnegie Mellon/DHS security bulletin said. ... The company's typical security patches come through Apple's regular software update system, and often require users to move through a series of steps before installing. This week's update, however, marks Cupertino's first implementation of its automated system, despite having introduced the function two years ago, Reuters said.

Re:FFS

[BasilBrush]

Yeah. Looks like the second appeared in Mountain Lion, and the default was ticked, even though "Allow updates automatically" wasn't.

So most people who have had "Allow updates automatically" unchecked for years won't have ever seen the newer option.

I'm not complaining. But some people will have room to do so.