For the first time ever, Apple has pushed a Mac OS X security patch out automatically, rather than asking users to update. Apple has always had the ability to push updates to users without warning, but has always opted to give users the option of approving updates manually or automatically. This time, however, it looks like they have exercised that ability, and Mac users across the world have noticed that their computers are suddenly force restarting so the update can be installed.
The update patches a critical security flaw in the Network Time Protocol (NTP) component of OS X. The vulnerability, CVE-2014-9295, was made public a few days ago and affects any operating system that runs NTP4, up to v4.2.8. That includes OS X, UNIX and Linux systems. NTP is the component responsible for syncing clocks between systems and across the whole of the internet.
Once exploited, the flaw can allow arbitrary code to be executed remotely, with the potential to turn any operating system into a DDoS zombie. As of yet, there have been no reports of the vulnerability being exploited, but previous NTP attacks include a 300Gbps DDoS attack against Spamhaus and a 400Gbps attack against CloudFlare.
For Apple to be pushing the update automatically, without permission from users, they are clearly treating this as a very serious flaw. Some users have noted that their systems were force restarted and updated whilst in sleep mode, which attests to the seriousness of the threat.
All users who have not had the update applied automatically should take steps now to apply it. You can find it in the Updates section of the OS X App Store, and it is available for OS X Lion 10.8.5, Mavericks 10.9.5 and Yosemite 10.10.1.
Source: Apple