Apple Issues Network Time Protocol Security Fix for OS X Users
Apple today released a new security update that’s designed to address a "critical security issue" with the Network Time Protocol service on OS X. Apple recommends that all Yosemite, Mavericks, and Mountain Lion users install the update "as soon as possible."
The update appears to address a problem that was highlighted by the U.S. Government on Friday, December 19 and originally discovered by the Google Security Team. The vulnerability has the potential to allow an attacker to execute arbitrary code using the privileges of the ntpd process.
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.
These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.
Products using NTP service prior to NTP–4.2.8 are affected. No specific vendor is specified because this is an open source protocol.
Apple has faced several vulnerabilities over the course of 2014, most recently releasing an OS X bash update in September to fix the “Shellshock” security flaw. Today’s security update can be downloaded from the Mac App Store.
Update: As noted by Reuters, this update marks the first time Apple has deployed an automatic security update, which can be installed without user authorization.
Popular Stories
Apple today released iOS 17.0.2 and iPadOS 17.0.2 updates, with the software coming five days after the releases of iOS 17.0.1 and iPadOS 17.0.1. Today's iOS 17.0.2 and iPadOS 17.0.2 updates arrive as build 21A351 and can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Note that iOS 17.0.2 was previously made available for iPhone...
Apple previously announced that macOS Sonoma will be released this Tuesday, September 26. The free software update includes many new features and changes for the Mac, including the five that we have highlighted below. In addition to these five features, we have shared the full release notes for macOS Sonoma below for a complete overview of everything new. Desktop Widgets macOS Sonoma...
Complaints about heat issues with the iPhone 15 Pro models are not related to TSMC's 3-nanometer node that was used for the A17 Pro chip, according to well-respected Apple analyst Ming-Chi Kuo. Kuo says that overheating could be caused by "compromises made in the thermal system design" that allowed Apple to cut down on the weight of the iPhone 15 Pro models. Kuo says that the reduced heat...
The iPhone 16 series is expected to gain an additional capacitive button, known internally as the "Capture Button." Codenamed "Project Nova," the button is likely to be one of the main selling points of the iPhone 16 lineup, assuming it gets past the initial testing phase. The Capture Button is located on the same side as the Power button, only positioned slightly lower - where the mmWave cutout...
Apple could be preparing to release a seventh-generation iPad mini before the end of the year, based on a new report by DigiTimes. In an article discussing stagnating global tablet demand in the second half of 2023, the Taiwan-based outlet forecasts an uptick in Apple's share of the market owing to orders for a "small-size" iPad in the fourth quarter. From the report (see bold): In the...
Apple today released macOS 14 Sonoma, the newest version of the operating system that runs on the Mac. macOS Sonoma has been in beta testing for several months, and it is compatible with the 2019 and later iMac, the iMac Pro, the 2018 and later Mac mini, the 2018 and later MacBook Pro, the 2019 and later Mac Pro, and the Mac Studio. The macOS Sonoma update can be downloaded for free on...
Top Rated Comments
1.4? I can install it using my floppy drive.
You have to love that in 2014 people still equate hacking to unemployment.
Why would I do that? Snow Leopard works, and runs all my software properly. Later OSs add nothing of value to me, and, judging by comments on this board, causes problems that i don't currently have.
Yes it is, but apparently Apple no longer cares about the security of their Snow Leopard and Lion customers. You either upgrade your perfectly good software (if you can) or you're on your own.
Well, you could just buy a new Mac, which is what Apple wants you to do anyway.
As I've said numerous times before, no-one should expect eternal updates in terms of new features etc - that's what new versions of the OS are for, and what should attract users to upgrade. Of course it's unreasonable to expect Apple to develop new features for old OS versions that a few versions old.
However, when bad security vulnerabilities / flaws are discovered that apparently wouldn't take very much effort for Apple to patch, I think it's unconscionable to not provide security patches for machines that are otherwise still perfectly usable today other than having software Apple can't be bothered to support in the very slightest, narrow way. Apart from anything else, we know compromised machines are bad for everyone on the internet.
Are you aware that Software Support isn't the same as Hardware Support?