Yesterday OS X developers and testers received a new build of the Mountain Lion developer preview, which implements a new emphasis on security by enhancing updating procedures. In prior versions of OS X, Apple offered options to download updates in the background and automatically check for updates, but has now provided the option to both check for important software updates daily over an encrypted connection and have them install automatically.
This new development in OS X mimics the "silent update" approach that Adobe recently added to Flash, and is a great way to enhance the security of OS X for the average user. Once a software vulnerability becomes public knowledge, malware developers are aware of it, which increases the likelihood of it being exploited. This was seen in the recent Flashback malware outbreak on OS X in which an unpatched Java update allowed about 1 percent of the OS X install base to be compromised. Having the system automatically check for and install important updates both securely and daily should help reduce the windows of opportunity that criminals can use to compromise a system.
While a daily check for software updates by itself is perhaps a minimal improvement over Apple's prior software update implementation, these enhancements suggest two larger possibilities. The first is speculatively that this feature could be used not only for Apple's OS and supported technologies, but also as suggested by Intego for third-party updates provided through the App store. Currently the new security feature's description only mentions it is used for "required security updates," which may mean it pertains only to Apple's software, but is ambiguous enough to potentially include others.
In Mountain Lion, Apple offers OS updates to developers through the Mac App Store, but it also currently offers third-party update notifications through the store. It is feasible that this new update routine could include critical updates for third-party apps a user has purchased in addition to system updates.
The second thing this development suggests is that Apple is paying more attention to security on many fronts rather than taking a lackadaisical approach to it, as could be seen during the Flashback outbreak. Along with no longer promoting an air of impenetrability about OS X on its Web site, this new implementation in Mountain Lion suggests Apple may increasingly jump on security updates and offer them as soon as it can. This was recently seen with build 33 of the Java 6 SE runtime that Apple made available only hours after it was updated by Oracle, rather than months as was the case with build 31 (the one that closed the security hole used by Flashback).
While for the most part this new feature in Mountain Lion will be of benefit to OS X users, it does come with the potential drawback of problematic updates being pushed to users. Recently a faulty Thunderbolt update caused a number of systems to no longer boot properly, requiring users to reinstall OS X. While such a problem is rare, having automatic installations only increases the potential spread of such problems should they occur again. Because of this, it is often more beneficial to have the system check for updates often, but only have them install on demand instead of automatically.