The headline was frightening in its implications, particularly at at time when it appears that your personal privacy is under assault. It started with something that’s good, which is Apple releasing an update to deal with a newly discovered and severe security vulnerability given the number CVE-2014-9295. The security lapse impacts the network time protocol (called NTP for short) that’s designed to sync the clocks on Macs and other Unix-based computers including Linux. So Apple isn’t alone.
So what’s the danger? Well, this vulnerability means that hackers could take control of your computer remotely. It doesn’t mean they will, but the potential is there. This is unlike most other security problems that require direct access to your Mac to gain control, so we’re talking of something that could be far more serious, although there’s no indication anyone’s been compromised.
The revelation came last Friday from the U.S. Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute. So we’re not talking about a security software company that might be trying to hype a few app sales to protect you. Regardless, Apple fixed the problem Monday with a “silent” update, meaning it was automatically pushed to your computer. You didn’t even need to restart, although the Notification Manager in recent OS X versions, such as Yosemite, would report that the update was happening and that it completed.
This seems to be a pretty benign development. You didn’t have to do anything to be protected. Indeed, Apple has been silently updating malware detection strings for several system versions, and there haven’t been complaints, probably because the updates aren’t usually widely mentioned. This time, we have a genuine freakout from CNET, a long-term tech portal currently owned by CBS Interactive. That’s the same CBS that owns Showtime and a certain broadcast network, among other things.
The warning? Well, that automatic updates aren’t risk free, that there is the potential to cause problems with apps and processes. At least that’s the danger, although it doesn’t seem as if these updates have been the source of any complaints.
So where’s the fear-mongering? Well, it starts with the headline, “Apple updates Macs for first time without asking — to foil hackers.” And, no, I am not posting the link. You can easily look it up if you want.
But it’s not the first time. It happens any time those malware detection strings are updated or added to. As for regular software updates, consider the options offered in the App Store preference pane in OS X Yosemite. You have four interrelated options under, “Automatically check for updates,” that include the options to download updates in the background, install app updates, OS X updates, and system data files and security updates.”
The NTP bug fix clearly fits into the latter category.
What this means is that you can uncheck any of these options at any time and not receive any relevant updates unless you go direct to the App Store and select the ones you want. You have full control, and Apple isn’t going to infringe on your privacy. But if you choose to have everything done in the background, so be it. This setting will probably not cause you any trouble, though I suppose an app or OS X update might cause trouble. If you want to be cautious, just say no. It’s a real simple process.
What’s more, if you have iOS gear, you’ve already been able to have app updates downloaded and installed automatically in the background beginning with iOS 7. It’s an option in the iTunes & App Store settings. A simple tap for each category will turn off the automatic settings. So Apple isn’t forcing any uninvited updates on your iPhone or iPad either.
To be fair, the CNET piece does explain how to turn off the automatic install options on a Mac. So the claim that Apple is foisting something unwanted on you in the headline is shown by the end of the article to be fundamentally false.
Certainly you have the right to be concerned about someone pushing downloads to you that you don’t expect, and maybe don’t want, but Apple is giving you full control. If you do opt to do it all manually, perhaps Apple could be more proactive about it and put up a warning prompt if a critical update that impacts your security is available to install. That way, you can dismiss the reminder, install the update, or just go about your business if you prefer to ignore the warning.
But when people want to tell you that Apple might be doing something suspicious in pushing updates to your Mac behind the scenes, they are just plain wrong. That the article contradicted itself makes it doubly certain the graphic headline was meant as hit bait, not to legitimately inform the public about Apple’s update and update policies.
In any case, my Mac isn’t smoking as a result of having that update sent to me. I don’t think yours is either.