Apple has issued a security update to address a critical security issue with OS X's Network Time Protocol service. The company recommends that all users apply this patch "as soon as possible."
According to Apple's support page, the update patches a vulnerability that could allow an attacker to remotely run code on a system:
Impact: A remote attacker may be able to execute arbitrary code
Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.
According to Dennis Fisher of ThreatPost, the NTP vulnerability is so severe that a single packet would be all it would take to exploit it.
The update is available for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 and is available for download via the "updates" section of the Mac App Store. No reboot is required.