Feeds

Apple's Mountain Lion to offer automatic security updates

Crikey - now there's a thought

Next gen security for virtualised datacentres

Apple is building in automatic update checking into the next version of Mac OS X – Mountain Lion.

OS X 10.8 Mountain Lion can be configured to automatically poll for security updates every day instead of waiting for users to check for them, which describes the current set-up, AppleInsider reports.

Alternatively, Mountain Lion can be set up to phone home for updates every time a computer is restarted. In either case, users can select to automatically apply available security updates.

"Of course, most days it is unlikely that Apple will have released a security update - but for those times when they have, this feature will hopefully reduce the window of opportunity for malicious hackers to exploit any vulnerabilities in OS X," notes Graham Cluley, senior technology consultant at net security firm Sophos.

The automatic update feature appeared alongside the latest build of Mountain Lion Developer Preview, where it is known as "OS X Security Update Test 1.0" and available through the Mac App Store.

In addition, the latest laptops from Apple will come with a "PowerNap" feature, allowing security updates to be downloaded while the rest of the computer is in sleep mode.

Both features will help ensure that more Macs are kept more up-to-date. Whether or not they remain secure will still depend on the timely publication of security updates from Apple, an issue highlighted by the infamous Flashback Trojan. Flashback exploited a Java vulnerability to infect 600,000 Macs worldwide. The malware exploited a cross-platform flaw in Java that was patched on Windows machines weeks before creating mayhem on Macs. But Apple took much longer to respond, eventually belatedly responding with Java updates and clean-up tools.

Chastened by the experience, Apple is reportedly making security improvements a key feature in Mountain Lion, which is due to debut in mid-July. Other changes in the pipeline may include mandating secure connection to Apple's update servers. Earlier this month it emerged that the Flame cyber-espionage tool had used a "man-in-the-middle" attack against the Windows update system. If Apple introduces security updates over SSL connections then it will move ahead of the game in thwarting this type of attack.

It's unclear to what extent Apple will retro-fit these various security improvements into previous versions of Mac OS X.

In a related moved, Apple recently removed assertions that the Mac "doesn't get PC viruses" in favour of the less strident statement that its computers are "built to be safe".

The increased popularity of Macs in business Apple will need to develop tools (or at least settings) to make patching more manageable in corporate environments.

"In business environments the concept of automatic, silent updates to the Mac operating system may be less popular," Cluley explained. "Often organisations prefer to test a security update before rolling it out across a large number of computers, in case there are bugs or conflicts.

"Furthermore, companies may not like the idea of lots of their Mac computers individually pulling down hefty security updates and gobbling up their internet bandwidth. Presumably Apple will provide mechanisms for businesses to handle these issues when OS X ships next month," he concluded. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.