On Monday, December 22, Apple released a critical security update designed to a address a vulnerability in the  Network Time Protocol daemon (ntpd) of OS X. All Yosemite, Mavericks, and Mountain Lion users are urgedsecurity and privacy settings apple by Apple to install the update as soon as possible.

The update fixes an issue that was addressed by the US Government Friday and originally discovered by the Google Research Team. From a Department of Homeland Security website:

Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.
These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.
Products using NTP service prior to NTP-4.2.8 are affected. No specific vendor is specified because this is an open source protocol.

This vulnerability could allow an attacker to execute arbitrary code with the privileges of the ntpd process. This vulnerability is not exclusive to OS X machines. The Network Time Protocol  is one of the oldest internet protocols and is widely used by networked devices around the world today. You can download this update from the App Store from your Mac.

Leave a Reply

Your email address will not be published.

About SmartFix

We are a family owned business that provides fast, warrantied repairs for all your mobile devices.

Brooklyn Area

2307 Beverley Rd Brooklyn, New York 11226 United States

1000 101-454555
[email protected]

Store Hours
Mon - Sun 09:00 - 18:00

San Francisco Area

358 Battery Street, 6rd Floor San Francisco, CA 27111

1001 101-454555
[email protected]

Store Hours
Mon - Sun 09:00 - 18:00
Copy link
Powered by Social Snap