Today highlighted a little-known macOS feature that lets your Mac automatically receive and use critical patches in an unfortunate case of a catastrophic bug or vulnerability.
As you know, Apple todayreleaseda fix for a major bug in macOS that enabled root access with a blank password on any Mac running macOS High Sierra version 10.13.1 or newer.
The issue,discoveredyesterday by developer Lemi Orhan Ergin, was severe enough to warrant a quick turnaround along with anofficial apology from the company.
TUTORIAL:Using Gatekeeper to secure your Mac
Now, many people—ourselves included—have noted that the fix for this vulnerability was automatically and silently downloaded in the background, with a Gatekeeper notification popping up to inform users that “This update should be installed as soon as possible.”
This is where things get interesting…
Even if you don’t manually download this patch, it is going to download and install itself. According to Apple, the necessary files will be “automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.”
This automatic update mechanism is non-optional by design.
It cannot be turned off at will, which would defeat its purpose anyway. Apple’s goal with this cool feature is swift delivery of system patches designed to address major vulnerabilities and problems without requiring any intervention on your part.
Gatekeeper in action
This certainly isn’t the first time Apple has forced the automatic installation of a security patch.
As Daring Fireball’sJohn Gruberand Six Colors’Jason Snellpointed out earlier today, the other was theNTP Security Updateback in 2014 which affected macOS 10.8 through 10.10.
Like the current update, that fix got pushed out and installed on users’ Macs automatically, without requiring a restart. As Snell explains, Apple has similar features at its disposal.
TUTORIAL:How to secure your Mac with a firmware password
As an example, Gatekeeper silently updates the list of known malicious software that strengthens your security when downloading and installing unsigned apps. Users can visitSystem Preferences → App Storeto tell their Mac to optionally auto-download other things, like major macOS updates, security updates,File Quarantine dataand more.
Additional capabilities found inSystem Preferences → Security & Privacymake it easy to further adjust various security-related settings to your liking, such aswhether a password is required after the screen saver begins or your Mac goes to sleepand more.
TUTORIAL:Ensuring your Mac is receiving updates about new malware
Lastly,macOS has something called System Integrity Protectionwhich closes off many system files to user access to prevent malicious code from wreaking havoc on your Mac.
TUTORIAL:How to show macOS’s hidden Library folder on your Mac
Given the severity of the root password vulnerability and Apple’s swift response in less than 24 hours, we felt it important to summarize macOS’s automatically-updating security features that keep your Mac safe with critical patches without needing any action on your part.
Bottom line:Apple’s mechanism for automatically pushing updates to your Mac in the event of a catastrophic bug is a crucial feature you don’t even know is there until it’s needed.
