Apple Issues Network Time Protocol Security Fix for OS X Users

Apple today released a new security update that’s designed to address a "critical security issue" with the Network Time Protocol service on OS X. Apple recommends that all Yosemite, Mavericks, and Mountain Lion users install the update "as soon as possible."

applesecurityupdate
The update appears to address a problem that was highlighted by the U.S. Government on Friday, December 19 and originally discovered by the Google Security Team. The vulnerability has the potential to allow an attacker to execute arbitrary code using the privileges of the ntpd process.

Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.

These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.

Products using NTP service prior to NTP–4.2.8 are affected. No specific vendor is specified because this is an open source protocol.

Apple has faced several vulnerabilities over the course of 2014, most recently releasing an OS X bash update in September to fix the “Shellshock” security flaw. Today’s security update can be downloaded from the Mac App Store.

Update: As noted by Reuters, this update marks the first time Apple has deployed an automatic security update, which can be installed without user authorization.

Top Rated Comments

(View all)
Avatar
76 months ago

It's only 1.4MB (late 2013 iMac) so no problems whatsoever! :rolleyes:


1.4? I can install it using my floppy drive.
Score: 48 Votes (Like | Disagree)
Avatar
76 months ago

You have to love the ingenuity / desperation of hackers. Instead of getting a job...


You have to love that in 2014 people still equate hacking to unemployment.
Score: 24 Votes (Like | Disagree)
Avatar
76 months ago

You can install Yosemite on 7-year-old iMacs, hot shot.


Why would I do that? Snow Leopard works, and runs all my software properly. Later OSs add nothing of value to me, and, judging by comments on this board, causes problems that i don't currently have.
Score: 13 Votes (Like | Disagree)
Avatar
76 months ago

Is Snow Leopard impacted?


Yes it is, but apparently Apple no longer cares about the security of their Snow Leopard and Lion customers. You either upgrade your perfectly good software (if you can) or you're on your own.

Well, you could just buy a new Mac, which is what Apple wants you to do anyway.
Score: 10 Votes (Like | Disagree)
Avatar
76 months ago
Personally I find it inexcusable that apparently serious security bugs are not being patched in Snow Leopard/Lion. If people are suggesting you can compile it yourself with developer tools… doesn't that just prove Apple is putting some of its less advanced users at risk purely to try and sell them newer computers? I think it's fairly heinous behaviour if so.

As I've said numerous times before, no-one should expect eternal updates in terms of new features etc - that's what new versions of the OS are for, and what should attract users to upgrade. Of course it's unreasonable to expect Apple to develop new features for old OS versions that a few versions old.

However, when bad security vulnerabilities / flaws are discovered that apparently wouldn't take very much effort for Apple to patch, I think it's unconscionable to not provide security patches for machines that are otherwise still perfectly usable today other than having software Apple can't be bothered to support in the very slightest, narrow way. Apart from anything else, we know compromised machines are bad for everyone on the internet.
Score: 9 Votes (Like | Disagree)
Avatar
76 months ago

You can install Yosemite on 7-year-old iMacs, hot shot.


Are you aware that Software Support isn't the same as Hardware Support?
Score: 9 Votes (Like | Disagree)

Top Stories

Apple References Unreleased 2020 16-Inch MacBook Pro in Boot Camp Update

Monday October 26, 2020 8:42 am PDT by
Last week, Apple released an update for Boot Camp, its utility for running Windows on a Mac. While this update would typically be unremarkable, several of our readers noticed that the release notes reference an unreleased 2020 model of the 16-inch MacBook Pro. While this could easily be a mistake, the 16-inch MacBook Pro is nearly a year old, so it is certainly a worthy candidate for a...

Google Reportedly Pays Apple $8-12 Billion Per Year to be Default iOS Search Engine

Sunday October 25, 2020 2:59 pm PDT by
The United States Justice Department is targeting a lucrative deal between Apple and Google as part of one of the U.S. government's largest antitrust cases, reports The New York Times. On Tuesday, the Justice Department filed an antitrust lawsuit against Google, claiming the Mountain View-based company used anticompetitive and exclusionary practices in the search and advertising markets to ...

iPhone 12 Pro Allows You to Measure Someone's Height Instantly Using LiDAR Scanner

Saturday October 24, 2020 11:12 am PDT by
iPhone 12 Pro models feature a new LiDAR Scanner for enhanced augmented reality experiences, but the sensor also enables another unique feature: the ability to measure a person's height instantly using the Measure app. You can even measure the seated height of a person in a chair, according to Apple. When the Measure app detects a person in the viewfinder, it automatically measures their...

MagSafe Charger Only Charges at Full 15W Speeds With Apple's 20W Power Adapter

Monday October 26, 2020 3:38 pm PDT by
Alongside the iPhone 12 and 12 Pro models, Apple introduced a new MagSafe charger that attaches to the magnetic ring in the back of the devices, providing up to 15W of charging power, which is double the speed of the 7.5W Qi-based wireless charging maximum. Apple does not provide a power adapter with the $39 MagSafe charger, requiring users to supply their own USB-C compatible option. Apple...

Early iPhone 12 Tests Show Ceramic Shield is Stronger and More Scratch Resistant Than iPhone 11 Glass

Friday October 23, 2020 1:21 pm PDT by
Apple's new iPhone 12 models are protected by a Ceramic Shield cover glass that has nano-ceramic crystals infused right into the glass to improve durability. According to Apple, Ceramic Shield offers four times better drop protection than the glass used for the iPhone 11 models. YouTube channel MobileReviewsEh conducted some tests on the iPhone 12 using a force meter to compare its performance ...

iPhone 12 Six-Foot Drop Test Results: Ceramic Shield More Durable But Not Damage Proof

Monday October 26, 2020 5:00 am PDT by
Apple's new iPhone 12 and iPhone 12 Pro feature a new Ceramic Shield screen that Apple says offers 4x better drop performance. To test that claim, Allstate Protection Plans put the two models through a range of breakability tests and recorded the results. In a face down sidewalk drop test at six feet, the iPhone 12 suffered small cracks and scuffed corners and edges, leaving sharp grooves in ...

Bloomberg: New AirPods and AirPods Pro Coming in 2021, AirPods Studio Delayed, Third HomePod Model Also Possible

Monday October 26, 2020 3:34 am PDT by
Apple plans to update its AirPods line next year with two new models including third-generation AirPods and second-generation AirPods Pro, according to a new report from Bloomberg. The Cupertino, California-based technology giant is working on two new models: third-generation entry-level AirPods and the second version of the AirPods Pro earbuds, according to people familiar with the plans. ...

Report: Apple Silicon iMac Featuring Desktop Class 'A14T' Chip Coming First Half of 2021

Tuesday October 27, 2020 4:14 am PDT by
The first iMac powered by Apple Silicon is set to arrive in the first half of next year and will feature a desktop class "A14T" chip, according to Chinese-language newspaper The China Times. Codenamed "Mt. Jade," Apple's first custom-made desktop processor will be twinned with its first self-developed GPU, codenamed "Lifuka," both of which are being produced using TSMC's 5-nanometer process, ...

iPhone 11 Pro Outlasts iPhone 12 and 12 Pro in Extensive Battery Life Test

Friday October 23, 2020 8:36 am PDT by
Arun Maini today shared a new side-by-side iPhone battery life video test on his YouTube channel Mrwhosetheboss, timing how long the new iPhone 12 and iPhone 12 Pro models last on a single charge compared to older models, with equal brightness, settings, battery health, and usage. All of the devices are running iOS 14 without a SIM card inserted. In the test, the iPhone 11 Pro outlasted both ...

Apple Warns MagSafe Charger Can Leave Circular Imprints on Leather Cases

Friday October 23, 2020 3:23 pm PDT by
If you keep your iPhone in a leather case while charging with Apple's new MagSafe Charger, the case might show circular imprints from contact with the accessory, according to a new Apple support document published today. Apple's leather cases for the iPhone 12 and iPhone 12 Pro are not available until November 6, but a MacRumors reader has already shared a photo of a circular imprint on...