Apple Issues Network Time Protocol Security Fix for OS X UsersApple today released a new security update that’s designed to address a "critical security issue" with the Network Time Protocol service on OS X. Apple recommends that all Yosemite, Mavericks, and Mountain Lion users install the update "as soon as possible."
The update appears to address a problem that was highlighted
by the U.S. Government on Friday, December 19 and originally discovered by the Google Security Team. The vulnerability has the potential to allow an attacker to execute arbitrary code using the privileges of the ntpd process.
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.
These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.
Products using NTP service prior to NTP–4.2.8 are affected. No specific vendor is specified because this is an open source protocol.
Apple has faced several vulnerabilities over the course of 2014, most recently releasing an OS X bash update in September to fix the “Shellshock” security flaw. Today’s security update can be downloaded from the Mac App Store.
Recent Mac and iOS Blog Stories •
Ticketmaster Adds Support for Apple Pay to its iOS App •
'DockPhone' Adds Phone Dialing to Yosemite, Bypassing FaceTime •
Walt Disney World to Begin Accepting Apple Pay Starting December 24 •
Buyer's Guide: Deals on iPad Air 2, MacBook Air, iMac, Apple Accessories, and More •
T-Mobile to Pay $90M to Settle With FTC Over Cramming Accusation •
Flyover for Apple Maps Expanded to Include New Cities in France, Sweden, Italy and Netherlands •
CalDigit's Thunderbolt Station 2 Launches in January With $170 Pre-Order Pricing •
'Watch ABC' Apple TV App Updated with Full Episodes for All Users<img width='1' height='1' src='
http://rss.feedsportal.com/c/35070/f/648327/s/41b1e0e6/sc/5/mf.gif' border='0'/><br clear='all'/>
<a href="
http://da.feedsportal.com/r/216443179618/u/49/f/648327/c/35070/s/41b1e0e6/sc/5/rc/1/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/216443179618/u/49/f/648327/c/35070/s/41b1e0e6/sc/5/rc/1/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/216443179618/u/49/f/648327/c/35070/s/41b1e0e6/sc/5/rc/2/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/216443179618/u/49/f/648327/c/35070/s/41b1e0e6/sc/5/rc/2/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/216443179618/u/49/f/648327/c/35070/s/41b1e0e6/sc/5/rc/3/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/216443179618/u/49/f/648327/c/35070/s/41b1e0e6/sc/5/rc/3/rc.img" border="0"/>[/url]
<img src="[url]http://da.feedsportal.com/r/216443179618/u/49/f/648327/c/35070/s/41b1e0e6/sc/5/a2.img" border="0"/>[/url]<img width="1" height="1" src="
http://pi.feedsportal.com/r/216443179618/u/49/f/648327/c/35070/s/41b1e0e6/sc/5/a2t.img" border="0"/><div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>[/url]
</div><img src="//feeds.feedburner.com/~r/MacRumors-Front/~4/B5pF_LiANkk" height="1" width="1" alt=""/>
Source:
Apple Issues Network Time Protocol Security Fix for OS X Users
