Update OS X Right Now to Avoid a Serious NTP Security Flaw
Apple late Monday released an urgent OS X security patch to address a vulnerability in the operating system’s Network Time Protocol (NTP) service. All users of OS X Mountain Lion, OS X Mavericks, and OS X Yosemite are urged to apply the update “as soon as possible.”
This update addresses a critical security issue with the software that provides the Network Time Protocol service on OS X, and is recommended for all users.
Install this update as soon as possible.
Apple has declined to detail the exact nature of the vulnerability to avoid assisting malicious users who might act to exploit it, but it is believed to be related to a flaw identified earlier this month by Google security researchers, which prompted a public warning from the U.S. Department of Homeland Security.
The Network Time Protocol is an important service used by virtually all modern operating systems to automatically set and coordinate a system’s clock with any one of a number of timekeeping servers worldwide. The newly discovered vulnerability reportedly allows an attacker to execute unauthorized code with the same privileges as the NTP process, and it affects implementations of NTP prior to version 4.2.8.
NTP is an open source protocol used by many companies in addition to Apple. Apple is the first company to issue a consumer-facing response, but those using hardware and software from other companies that rely on affected versions of the protocol should be on the lookout for similar updates in the coming days.
Mountain Lion, Mavericks, and Yosemite users can find the update now in Software Update, or by manually downloading the applicable update using the links above. The updates weigh in at only a few megabytes each and do not require a reboot.