How Apple’s little-known feature in macOS has helped save the day

Today's events highlighted a little-known macOS feature that lets your Mac automatically receive and install critical patches in the unfortunate event of a catastrophic bug or vulnerability.

As you know, Apple today released a fix for a major bug in macOS that enabled root access with a blank password on any Mac running macOS High Sierra version 10.13.1 or newer.

The issue, discovered yesterday by developer Lemi Orhan Ergin, was severe enough to warrant a quick turnaround along with an official apology from the company.

Now, many people—ourselves included—have noted that the fix for this vulnerability was automatically and silently downloaded in the background, with a Gatekeeper notification popping up to inform users that “This update should be installed as soon as possible.”

This is where things get interesting…

Even if you don’t manually download this patch, it is going to download and install itself. According to Apple, the necessary files will be “automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.”

This automatic update mechanism is non-optional by design.

It cannot be turned off at will, which would defeat its purpose anyway. Apple’s goal with this cool feature is swift delivery of system patches designed to address major vulnerabilities and problems without requiring any intervention on your part.

Gatekeeper in action

This certainly isn’t the first time Apple has forced the automatic installation of a security patch.

As Daring Fireball’s John Gruber and Six Colors’ Jason Snell pointed out earlier today, the previous instance was the NTP Security Update back in 2014, which affected macOS 10.8 through 10.10.

Like the current update, that fix got pushed out and installed on users’ Macs automatically, without requiring a restart. As Snell explains, Apple has similar features at its disposal.

As an example, Gatekeeper silently updates its list of known malicious software, which strengthens your security when you download and install unsigned apps. Users can visit System Preferences → App Store to tell their Mac to optionally auto-download other things, like major macOS updates, security updates, File Quarantine data and more.

Additional capabilities found in System Preferences → Security & Privacy make it easy to further adjust various security-related settings to your liking, such as whether a password is required after the screen saver begins or your Mac goes to sleep.

Lastly, macOS has something called System Integrity Protection, which closes off many system files to user access in order to prevent malicious code from wreaking havoc on your Mac.

Given the severity of the root password vulnerability and Apple’s swift response in less than 24 hours, we felt it important to summarize the automatically updating security features in macOS that keep your Mac safe with critical patches without needing any action on your part.

Bottom line: Apple’s mechanism for automatically pushing updates to your Mac in the event of a catastrophic bug is a crucial feature you don’t even know is there until it’s needed.

Thoughts?