Apple Issues Network Time Protocol Security Fix for OS X Users
Apple today released a new security update that’s designed to address a "critical security issue" with the Network Time Protocol service on OS X. Apple recommends that all Yosemite, Mavericks, and Mountain Lion users install the update "as soon as possible."
The update appears to address a problem that was highlighted by the U.S. Government on Friday, December 19 and originally discovered by the Google Security Team. The vulnerability has the potential to allow an attacker to execute arbitrary code using the privileges of the ntpd process.
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.
These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.
Products using NTP service prior to NTP–4.2.8 are affected. No specific vendor is specified because this is an open source protocol.
Apple has faced several vulnerabilities over the course of 2014, most recently releasing an OS X bash update in September to fix the “Shellshock” security flaw. Today’s security update can be downloaded from the Mac App Store.
Update: As noted by Reuters, this update marks the first time Apple has deployed an automatic security update, which can be installed without user authorization.
Popular Stories
The first beta of iOS 18.4 is now available, and it includes a small but useful change for CarPlay.
As we noted in our list of iOS 18.4 features, CarPlay now shows a third row of icons, up from two rows previously. However, this change is only visible in vehicles with a larger center display. For example, a MacRumors Forums member noticed the change in a Toyota Tundra, which can be equipped...
Apple finally released the first beta of iOS 18.4 to developers for testing purposes, and while the beta is lacking some of the Apple Intelligence features we were hoping for, there are some notable new additions.
Subscribe to the MacRumors YouTube channel for more videos.
Priority Notifications - Apple Intelligence
There is a new Priority Notifications feature that can show you your most...
In iOS 18.4, there's a new Ambient Music option that can be added to Control Center. There are four different sound categories, including Sleep, Chill, Productivity, and Wellbeing.
Each category can be added to Control Center separately, and tapping one plays a random selection of sounds or music from that particular category.
You can't choose what's playing from Control Center, but if...
Now that Apple has announced its new more affordable iPhone 16e, our thoughts turn to what else we are expecting from the company this spring.
There are three product categories that we are definitely expecting to get upgraded before spring has ended. Keep reading to learn what they are. If we're lucky, Apple might make a surprise announcement about a completely new product category.
M4...
Apple has confirmed that its custom-designed C1 modem in the iPhone 16e has nothing to do with the device's lack of MagSafe support, according to Macworld.
Following the launch of the iPhone 16e, there was some speculation online about how MagSafe magnets might have interfered with the C1 modem's cellular connectivity performance, and this was considered to be a potential reason for the...
Another week, another alleged leak regarding Apple's fabled foldable iPhone. We've been hearing rumors about an iPhone that folds in half for over eight years now. While they have lacked consistency, they do suggest that Apple has tested various prototypes, with the hinge seemingly the biggest challenge Apple has been trying to overcome. Apple wants to eliminate any crease in the screen before...
Apple has withdrawn its Advanced Data Protection iCloud feature from the United Kingdom following government demands for backdoor access to encrypted user data, according to Bloomberg. The move comes after UK officials secretly ordered Apple to provide unrestricted access to encrypted iCloud content worldwide.
Customers who are already using Advanced Data Protection, or ADP, will need to...
Apple today introduced the iPhone 16e, its newest entry-level smartphone. The device succeeds the third-generation iPhone SE, which has now been discontinued.
The iPhone 16e features a larger 6.1-inch OLED display, up from a 4.7-inch LCD on the iPhone SE. The display has a notch for Face ID, and this means that Apple no longer sells any iPhones with a Touch ID fingerprint button, marking the ...
