Apple Issues Network Time Protocol Security Fix for OS X Users

by

Apple today released a new security update that’s designed to address a "critical security issue" with the Network Time Protocol service on OS X. Apple recommends that all Yosemite, Mavericks, and Mountain Lion users install the update "as soon as possible."

applesecurityupdate
The update appears to address a problem that was highlighted by the U.S. Government on Friday, December 19 and originally discovered by the Google Security Team. The vulnerability has the potential to allow an attacker to execute arbitrary code using the privileges of the ntpd process.

Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.

These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.

Products using NTP service prior to NTP–4.2.8 are affected. No specific vendor is specified because this is an open source protocol.

Apple has faced several vulnerabilities over the course of 2014, most recently releasing an OS X bash update in September to fix the “Shellshock” security flaw. Today’s security update can be downloaded from the Mac App Store.

Update: As noted by Reuters, this update marks the first time Apple has deployed an automatic security update, which can be installed without user authorization.

Popular Stories

New Things Your iPhone Can Do in iOS 18

18 New Things Your iPhone Can Do in iOS 18.2

Wednesday November 13, 2024 2:09 am PST by
Apple is set to release iOS 18.2 next month, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls incoming as well....
Read Full Article25 comments
M4 MacBook Pros Thumb

M4 MacBook Pro Uses Quantum Dot Display Technology

Thursday November 14, 2024 4:19 pm PST by
The M4 MacBook Pro models feature quantum dot display technology, according to display analyst Ross Young. Apple used a quantum dot film instead of a red KSF phosphor film, a change that provides more vibrant, accurate color results. Young says that Apple has opted for KSF for prior MacBook Pro models because it doesn't use toxic element cadmium (typical for quantum dot) and is more...
Read Full Article98 comments
AirPods Crackling Feature

Apple Customers Sue Over Unfixed AirPods Pro Crackling Issue

Wednesday November 13, 2024 11:01 am PST by
A trio of Apple customers this month filed a class action lawsuit against Apple, accusing the Cupertino company of violating California consumer protection laws and false advertising for continuing to sell AirPods Pro models that had ongoing issues with crackling or static sounds. A few months after the AirPods Pro came out in October 2019, buyers began to complain about crackling, rattling, ...
Read Full Article132 comments
google gemini

Google Releases Standalone Gemini AI App for iPhone

Thursday November 14, 2024 2:54 am PST by
Google has launched its dedicated Gemini artificial intelligence app for iPhone users, expanding beyond the previous limited integration within the main Google app. The standalone app offers enhanced functionality, including support for Gemini Live and iOS-specific features like Dynamic Island integration. The new app allows iPhone users to interact with Google's AI through text or voice...
Read Full Article72 comments
maxresdefault

M4 Max MacBook Pro: Real-World Usage Tests

Wednesday November 13, 2024 11:59 am PST by
Apple last week replaced the M3 Max MacBook Pro with the new M4 Max MacBook Pro, and we picked up one of the new high-end MacBook Pro machines to see how it compares to the prior model with both benchmarks and real-world tests. We tested an M4 Max with a 16-core CPU, 40-core GPU, and 48GB RAM against an M3 Max MacBook Pro with similar specs. The two machines look similar, but the display on...
Read Full Article40 comments
iphone passcode green

iOS 18 Security Feature Causes iPhone to Reboot After Three Days of Inactivity

Thursday November 14, 2024 2:19 pm PST by
With iOS 18, Apple introduced a feature that causes the iPhone to reboot every three days, security researchers have confirmed (via TechCrunch). In a demo video, security researcher Jiska Classen proved that an iPhone left untouched for 72 hours will automatically restart, and Graykey manufacturer also Magnet Forensics wrote a blog post about the feature. After a reboot, an iPhone is more...
Read Full Article119 comments

Top Rated Comments

ghostface147 Avatar
ghostface147
129 months ago
It's only 1.4MB (late 2013 iMac) so no problems whatsoever! :rolleyes:

1.4? I can install it using my floppy drive.
Score: 48 Votes (Like | Disagree)
Junipr Avatar
Junipr
129 months ago
You have to love the ingenuity / desperation of hackers. Instead of getting a job...

You have to love that in 2014 people still equate hacking to unemployment.
Score: 24 Votes (Like | Disagree)
OLDCODGER Avatar
OLDCODGER
129 months ago
You can install Yosemite on 7-year-old iMacs, hot shot.

Why would I do that? Snow Leopard works, and runs all my software properly. Later OSs add nothing of value to me, and, judging by comments on this board, causes problems that i don't currently have.
Score: 13 Votes (Like | Disagree)
archtopshop Avatar
archtopshop
129 months ago
Is Snow Leopard impacted?

Yes it is, but apparently Apple no longer cares about the security of their Snow Leopard and Lion customers. You either upgrade your perfectly good software (if you can) or you're on your own.

Well, you could just buy a new Mac, which is what Apple wants you to do anyway.
Score: 10 Votes (Like | Disagree)
Porco Avatar
Porco
129 months ago
Personally I find it inexcusable that apparently serious security bugs are not being patched in Snow Leopard/Lion. If people are suggesting you can compile it yourself with developer tools… doesn't that just prove Apple is putting some of its less advanced users at risk purely to try and sell them newer computers? I think it's fairly heinous behaviour if so.

As I've said numerous times before, no-one should expect eternal updates in terms of new features etc - that's what new versions of the OS are for, and what should attract users to upgrade. Of course it's unreasonable to expect Apple to develop new features for old OS versions that a few versions old.

However, when bad security vulnerabilities / flaws are discovered that apparently wouldn't take very much effort for Apple to patch, I think it's unconscionable to not provide security patches for machines that are otherwise still perfectly usable today other than having software Apple can't be bothered to support in the very slightest, narrow way. Apart from anything else, we know compromised machines are bad for everyone on the internet.
Score: 9 Votes (Like | Disagree)
Big-TDI-Guy Avatar
Big-TDI-Guy
129 months ago
You can install Yosemite on 7-year-old iMacs, hot shot.

Are you aware that Software Support isn't the same as Hardware Support?
Score: 9 Votes (Like | Disagree)
Read All Comments