Apple recently issued a security update for Mac OS X users, fixing a critical security issue.
As the release note suggests, the update addresses a critical security issue with the software that provides the Network Time Protocol service on OS X. Users are advised to install the update "as soon as possible". Additionally, Apple has recommended that all OS X users such as Yosemite, Mavericks and Mountain Lion install the update.
"Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.
These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.
Products using NTP service prior to NTP-4.2.8 are affected. No specific vendor is specified because this is an open source protocol."
OS X NTP Security Update
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
Impact: A remote attacker may be able to execute arbitrary code
Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.
To verify the ntpd version, type the following command in Terminal: what /usr/sbin/ntpd. This update includes the following versions:
- Mountain Lion: ntp-77.1.1
- Mavericks: ntp-88.1.1
- Yosemite: ntp-92.5.1
How to install the update
The new security fix will be available for download from the Mac App Store or any Mac powered with Mountain Lion, Mavericks and Yosemite. Just open up the store and click on updates, the security fix will pop up. The update weighs in around 2MB and it should take only just two minutes for the update to get installed. Following are the download links for OS X NTP security update.