Earlier this week,
Hypothetically, remote hackers could have used the NTP vulnerability to send packets of data that overflows stack buffers and allows malicious code to be executed. The Apple software update was sent out without requiring users to accept the changes. However, Apple sent notifications to users that successfully received the security update. Restarting the computer was not necessary for users to install the security update.
Apple issued the security update after information about the vulnerabilities were published by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute, according to Reuters. Neel Mehta and Stephen Roettger of the
The issue affects operating systems that runs NTP4 prior to 4.2.8, according to Ars Technica. When Apple launched the Snow Leopard operating system in 2009, they also created a database of malware definitions on Macs that prevents users from installing viruses. This feature is called File Quarantine (also known as XProtect).
Apple developed an automatic patching system a couple of years ago, but it was not used until the NTP issue came up. Apple generally asks for permission from the user to update their operating system. Apple said that it has not received any reports of an incident where a Mac computer was targeted by hackers due to the NTP vulnerability. If you do not want to receive automatic updates, you can go to Systems Preferences —> App Store —> uncheck “Install system data files and security updates.”