Apple has issued its first automatic update to deal with a vulnerability that affects the Network Time Protocol in Mac OS X clock systems.
Apple normally requires users to download updates manually, but has delivered the NTP fix automatically on this occasion because it could be exploited remotely.
The company said that it had made this update automatic owing to the seriousness of the flaw.
The National Institute of Standards and Technology said that the CVE-2014-9295 vulnerability could allow a third-party attacker to launch arbitrary code from a remote location, or trigger a buffer overflow.
The fix is available for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 and OS X Yosemite v10.10.1.
Ken Westin, a senior security analyst at Tripwire, said that the automatic deployment of security updates can be useful, but can also present some risks.
"Apple's proactive steps to automatically remediate this particular vulnerability shows the need to quickly patch remotely exploitable vulnerabilities," he said.
"However, the use of Apple's automatic deployment tool is not without risks, as even the simplest update can cause problems for some systems.
"If you have a Mac system where an automatic update might introduce a problem, or are the paranoid type, the functionality can be disabled by going to the Apple Menu > App Store and unchecking ‘Install system data files and security updates'."
Westin added that "many other" Linux and Unix distributions were affected by the same vulnerability, and advised system administrators to apply the relevant patches as they arrive.
In fear of future shortage - or in preparation for its own electric car project?
New Spectre microcode patches released by Intel to fix security flaws in Skylake, Kaby Lake and Coffee Lake CPUs
But if you're running anything older you'll have to wait
Powered by servers based on Qualcomm's scalable 48-core Centriq 2400 10nm CPUs
Malware has been in circulation for more than a year