Thanks to the Zoom fiasco, which left a secret webcam-sharing server running on Macs of anyone who previously installed the videoconferencing app, Apple issued two silent updates in the past week or so.
These silent updates are security patches that Apple can apply to your Mac automatically, without asking you first. They’re relatively rare, and are a great way for Apple to patch security holes almost instantly. They prove especially helpful for the kind of user that never, ever bothers to run software updates.
But what if you are a Mac nerd? Maybe you want to have a say over this kind of thing. Or perhaps you run IT for a company, and don’t want anything being installed on the business Macs without you checking it first. Can you switch off Apple’s silent updates? Yes, you can. Here’s how.
How to deactivate Apple silent updates
Silent updates come enabled by default, as you’d expect. To switch them off, head to System Preferences on your Mac. In High Sierra, you’ll find the settings under the App Store panel. In Mojave, it’s under Software Update > Advanced.
Open it up, then find the following checkbox:
Install system data files and security updates
Uncheck it to prevent any future silent updates. Here’s how it looks on High Sierra:
And on Mojave:
What happens if you disable automatic Mac updates?
If you switch off silent updates, the security fixes contained therein will be applied the next time you run a manual software update. However, you may have to wait a while, because these silent updates don’t show up in the list of available updates. So, it pays to think carefully before unchecking this box. You’ll be restoring a notional sense of “control” to yourself, but you may also be handing far more control over to bad actors, like Zoom, and the folks that exploited the Zoom malware.
Second, how many other things happen on your Mac without you knowing precisely what’s going on? If you trust a vendor (Apple) enough to let it take care of your passwords, photos, private documents and financial information, then you should probably also trust it to fix security holes.