Following the news at http://www.reuters.com/article/2014/12/23/us-apple-cybersecurity-idUSKBN0K108W20141223, Ken Westin, senior security analyst at Tripwire, explains why this step is still not without risks:
“Apple’s proactive steps to automatically remediate this particular vulnerability show the need to quickly patch remotely exploitable vulnerabilities. However, the use of Apple’s automatic deployment tool is not without risks, as even the simplest update can cause problems for some systems. In this case the update may have been so minor the risk of affecting other applications and processes was minimal.
“If you have a Mac system where an automatic update might introduce a problem, or are the paranoid type, the functionality can be disabled by going to the Apple Menu > App Store and unchecking ‘Install system data files and security updates’.
“The vulnerability (CVE-2014-9295) that this patch fixes also affects many other Linux/Unix distributions; it is critical that system administrators update systems as patches are made available. You can learn more about the NTP vulnerability here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295”