Troubling Precedent: Apple Pushes Security Update Without User Permission (NTP Security Flaw)
A disturbing precedent was set today in which Apple auto-installed (without notice or permission) OS X NTP Security Update.
- Advisory (ICSA-14-353-01A) Network Time Protocol Vulnerabilities
- Apple automatically patches Macs to fix severe NTP security flaw
Yes, I wanted the update and kudos to Apple for patching this bug quickly, but my computer is my property, and never mind whatever legal excrement Apple mixes into the OS X license, I do not grant Apple the right to invade my computer, no matter what the goal. The ends do not justify the means.
The update is not even listed in the Updates section of the App Store app on my Mac. Which in itself was a source of concern. How would one know it is legitimate unless by reading the news?
Update: see App Store preferences at end.
Bars always get pushed lower, not higher; lines once crossed are more easily crossed the next time. There is absolutely no reason that Apple could not respect users enough to post a warning, asking for permission to install the fix. But this is coming from the same company that forced unwanted U2 albums into users accounts. And so, MPG increasingly distrusts the judgment and ethics now at the helm of Apple.
Consider also that any update mechanism capable of pushing updates without user permission is in itself a massively juicy prize that any hacker worth his/her salt would love to snag. Moreover, all software code has bugs. These reasons alone are enough to warrant the removal of the capability entirely.
MPG calls upon Apple to defeat the ability in OS X to make any auto-push update of any kind—remove the code so as to remove the risk.
Finally, consider a secret court order that instructs Apple to push an “update” that has, say, a bit more than one wishes for? Pick your country, USA or otherwise. All such prospects are chilling.
App Store preferences
Several readers wrote to educate me on the App Store preferences. They should be in the App Store app, right? Wrong. They are in System Preferences.
Such a step backwards—I could understandjust fine. But I don’t think of the App Store app as system software. Had me fooled for sure. And why can’t one preferences for App Store in the App Store app? Disjointed design.
In the past, I’ve unchecked every box except the download one, but I have noticed Apple resetting various preferences with system updates. So it seems that the auto push was enabled, probably at the 10.10.1 update. I certainly have never enabled the setting.
So I’ve now unchecked the.