Apple borrows from Windows Update playbook for OS X Mountain Lion
Apple will boost the frequency of security updates in OS X Mountain Lion and automatically install required patches for users, steps that bring it into line with Microsoft’s practices.
In an update Monday to Mountain Lion’s Developer Preview 4, Apple supplied what it called “Security Test Update Test 1.0.” As the name implied, the update was a test of Mountain Lion’s new security infrastructure, which presumably was put into place earlier.
Several Apple-specific blogs, including MacRumors, reported on the update and posted screenshots of the accompanying text that described it to developers and testers.
Although Apple has disclosed many Mountain Lion features, it has not revealed all those slated for the upgrade: Until Monday, there had been few hints of changes to OS X’s security update process.
According to the update’s description, Mountain Lion checks for security updates daily—a frequency increase from the weekly checks that are the default in previous editions of OS X—and will install those updates automatically for the user, either at the time they’re downloaded or at a machine restart.
By comparison, Leopard and later will only download updates and notify users when they’re available. It’s up to users, however, to install security and feature updates.
Apple also said it beefed up the security of the connections between customers’ Macs and its update servers, hinting at the same kind of improvement in encryption that Microsoft made this month after Flame, an advanced super-spy kit, was found to fake Windows Update downloads.
The security changes in Mountain Lion bring OS X to parity with Windows, which has long checked for patch updates daily, and which by default automatically downloads and installs those updates for users.
Security experts will probably applaud: Most have argued that the less users are asked to do, the more likely they are to keep their machines up-to-date.
It’s possible that Apple has had these improvements in mind for a considerable time, but they could also be part of the company’s response to attacks earlier this year that infected an estimated 600,000 Macs with the Flashback malware.
Apple has made other moves recently that may also have been triggered by the Flashback campaign, including patching Java on the same day that Oracle fixed the flaws for other operating systems; shipping the first security-related update in nearly a year for the unsupported OS X Leopard; and blocking outdated versions of the Flash Player plug-in from running in Safari.
Apple has not set a release date for Mountain Lion, but has promised that the upgrade will go on sale in July for $20 at the Mac App Store.
If Apple follows the same release track for Mountain Lion that it used last year for Lion, the most likely release date will be July 25.