Apple releases security update for critical NTP vulnerability in OS X

Apple has issued a security update to address a critical security issue with OS X's Network Time Protocol service.

2014-12-2223-34-39x.jpg

Apple has issued a security update to address a critical security issue with OS X's Network Time Protocol service. The company recommends that all users apply this patch "as soon as possible."

According to Apple's support page, the update patches a vulnerability that could allow an attacker to remotely run code on a system:

Impact: A remote attacker may be able to execute arbitrary code

Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.

According to Dennis Fisher of ThreatPost, the NTP vulnerability is so severe that a single packet would be all it would take to exploit it.

The update is available for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 and is available for download via the "updates" section of the Mac App Store. No reboot is required.

See also:

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All