Apple Issues Network Time Protocol Security Fix for OS X Users

by

Apple today released a new security update that’s designed to address a "critical security issue" with the Network Time Protocol service on OS X. Apple recommends that all Yosemite, Mavericks, and Mountain Lion users install the update "as soon as possible."

applesecurityupdate
The update appears to address a problem that was highlighted by the U.S. Government on Friday, December 19 and originally discovered by the Google Security Team. The vulnerability has the potential to allow an attacker to execute arbitrary code using the privileges of the ntpd process.

Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.

These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.

Products using NTP service prior to NTP–4.2.8 are affected. No specific vendor is specified because this is an open source protocol.

Apple has faced several vulnerabilities over the course of 2014, most recently releasing an OS X bash update in September to fix the “Shellshock” security flaw. Today’s security update can be downloaded from the Mac App Store.

Update: As noted by Reuters, this update marks the first time Apple has deployed an automatic security update, which can be installed without user authorization.

Top Rated Comments

ghostface147 Avatar
ghostface147
108 months ago
It's only 1.4MB (late 2013 iMac) so no problems whatsoever! :rolleyes:

1.4? I can install it using my floppy drive.
Score: 48 Votes (Like | Disagree)
Junipr Avatar
Junipr
108 months ago
You have to love the ingenuity / desperation of hackers. Instead of getting a job...

You have to love that in 2014 people still equate hacking to unemployment.
Score: 24 Votes (Like | Disagree)
OLDCODGER Avatar
OLDCODGER
108 months ago
You can install Yosemite on 7-year-old iMacs, hot shot.

Why would I do that? Snow Leopard works, and runs all my software properly. Later OSs add nothing of value to me, and, judging by comments on this board, causes problems that i don't currently have.
Score: 13 Votes (Like | Disagree)
archtopshop Avatar
archtopshop
108 months ago
Is Snow Leopard impacted?

Yes it is, but apparently Apple no longer cares about the security of their Snow Leopard and Lion customers. You either upgrade your perfectly good software (if you can) or you're on your own.

Well, you could just buy a new Mac, which is what Apple wants you to do anyway.
Score: 10 Votes (Like | Disagree)
Porco Avatar
Porco
108 months ago
Personally I find it inexcusable that apparently serious security bugs are not being patched in Snow Leopard/Lion. If people are suggesting you can compile it yourself with developer tools… doesn't that just prove Apple is putting some of its less advanced users at risk purely to try and sell them newer computers? I think it's fairly heinous behaviour if so.

As I've said numerous times before, no-one should expect eternal updates in terms of new features etc - that's what new versions of the OS are for, and what should attract users to upgrade. Of course it's unreasonable to expect Apple to develop new features for old OS versions that a few versions old.

However, when bad security vulnerabilities / flaws are discovered that apparently wouldn't take very much effort for Apple to patch, I think it's unconscionable to not provide security patches for machines that are otherwise still perfectly usable today other than having software Apple can't be bothered to support in the very slightest, narrow way. Apart from anything else, we know compromised machines are bad for everyone on the internet.
Score: 9 Votes (Like | Disagree)
Big-TDI-Guy Avatar
Big-TDI-Guy
108 months ago
You can install Yosemite on 7-year-old iMacs, hot shot.

Are you aware that Software Support isn't the same as Hardware Support?
Score: 9 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 17 on Phone Feature

Gurman: iOS 17 to Provide Several 'Most Requested Features'

Sunday March 26, 2023 6:05 am PDT by
Apple changed the strategy for iOS 17 later in its development process to add several new features, suggesting that the update may be more significant than previously thought, Bloomberg's Mark Gurman reports. In January, Gurman said that iOS 17 could be a less significant update than iPhone updates in previous years due to the company's intense focus on its long-awaited mixed-reality...
Read Full Article241 comments
dynamic island

iPhone 15 Dynamic Island to Include New Integrated Proximity Sensor

Friday March 24, 2023 12:27 am PDT by
This year, all iPhone 15 models will include Apple's Dynamic Island that unifies the pill and hole cutouts at the top of the display, but there will also be a material change to the feature that wasn't included in the iPhone 14 Pro models. According to a new tweet by Apple industry analyst Ming-Chi Kuo, the proximity sensor on the iPhone 15 series will be integrated inside the Dynamic Island ...
Read Full Article77 comments
top stories 25mar2023

Top Stories: iPhone 15 Pro Design Leak, iOS 16.4 Coming Soon, and More

Saturday March 25, 2023 6:00 am PDT by
We're still almost six months away from the official unveiling of the iPhone 15 lineup, but it seems like every day we're learning more about what to expect from the next-generation models. Notably, this week gave us our clearest look yet at what appear to be some changes for the volume and mute control hardware. iOS 16.4 and associated releases are also right around the corner with some new ...
Read Full Article34 comments
Hero0009

Best Apple Deals of the Week: Samsung's Smart Monitor M8 Gets Massive $250 Discount, Along With Year's Best AirPods Prices

Friday March 24, 2023 10:23 am PDT by
We saw a lot of great deals on Apple products and related accessories this week, including Samsung's iMac-like Smart Monitor M8 for $250 off, a 30 percent off spring sale at Anker, and the year's best prices on numerous AirPods models. All of these deals are still available to purchase right now, so we're recapping them and more below. Note: MacRumors is an affiliate partner with some of these ...
Read Full Article12 comments
Steve Jobs Theater dusk

Apple Reportedly Demoed Mixed-Reality Headset to Executives in the Steve Jobs Theater Last Week

Sunday March 26, 2023 5:53 am PDT by
Apple showcased its mixed-reality headset to the company's top 100 executives in the Steve Jobs Theater last week, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman explained that the "momentous gathering" is a "key milestone" ahead of the headset's public announcement planned for June. The event was intended to rally Apple's top members of...
Read Full Article106 comments
apple mixed reality headset concept by david lewis and marcus kane

Some Apple Employees Seriously Concerned About Mixed-Reality Headset as Announcement Draws Closer

Sunday March 26, 2023 8:25 am PDT by
Some Apple employees are concerned about the usefulness and price point of the company's upcoming mixed-reality headset, The New York Times reports. Apple headset concept by David Lewis and Marcus Kane Initial enthusiasm around the device at the company has apparently become skepticism, according to eight current and former Apple employees speaking to The New York Times. The change of tone...
Read Full Article479 comments
iphone 14 pro max deep purple feature purple

iPhone 15 Pro Rumor Recap: 10 New Features and Changes to Expect

Thursday March 23, 2023 6:42 am PDT by
While the iPhone 15 series is still around six months away from launching, there have already been plenty of rumors about the devices. Many new features and changes have been rumored for the iPhone 15 Pro and iPhone 15 Pro Max in particular. Below, we have recapped 10 changes rumored for iPhone 15 Pro models that are not expected to be available on the standard iPhone 15 and iPhone 15 Plus:A1...
Read Full Article105 comments
iOS 16

iOS 16.4 Will Add These 8 New Features to Your iPhone

Sunday March 26, 2023 8:06 am PDT by
Following nearly six weeks of beta testing, iOS 16.4 is expected to be released to the public as soon as this week. The software update includes a handful of new features and changes for the iPhone 8 and newer. To install an iOS update, open the Settings app on the iPhone, tap General → Software Update, and follow the on-screen instructions. Below, we have recapped eight new features and...
Read Full Article