Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple releases critical security update for OS X NTP services vulnerability

Last updated

Apple on Monday pushed out an update addressing a "critical security issue" for OS X concerning a vulnerability discovered in the Network Time Protocol service, affecting Mac users running OS X Yosemite, Mavericks and Mountain Lion.

According to Apple's Support website, the update targets a number of issues with OS X Network Time Protocol daemon (ntpd) software that allows remote attackers to trigger buffer overflows, which can be leveraged to execute arbitrary code on a target Mac. The Google Security Team made the discovery earlier this month.

Users can verify their ntpd version by opening Terminal and typing what /usr/sbin/ntpd. With the update installed, users should see the following versions:

Mountain Lion: ntp-77.1.1

Mavericks: ntp-88.1.1

Yosemite: ntp-92.5.1

Users can find the update via Software Update or already downloaded if the "Install system data files and security updates" option is checked in the App Store menu of System Preferences.



23 Comments

macky the macky 15 Years · 4801 comments

"...buffer overflows, which can be leveraged to execute arbitrary code on a target Mac..." [COLOR=blue]This is such an elementary way to break into a system, how could anyone, especially Apple, let it happen in this day and age??[/COLOR] I don't mean this as an indictment of Apple, I'm seriously asking the question.

crowley 15 Years · 10431 comments

I wonder if this means alarms clocks will work this year?

 

/s

jfc1138 12 Years · 3090 comments

Quote:
Originally Posted by Macky the Macky 

"...buffer overflows, which can be leveraged to execute arbitrary code on a target Mac..."

This is such an elementary way to break into a system, how could anyone, especially Apple, let it happen in this day and age??

I don't mean this as an indictment of Apple, I'm seriously asking the question.


So how would you exploit this? Some elementary sample code would be appreciated.

 

Seriously asking the question

droidftw 11 Years · 1009 comments

Everyone, all together now, "Thanks Google for making Apple's products more secure."

lord amhran 12 Years · 900 comments

How interesting. Daniel Eran Dilger's usually the first one to vociferously trumpet such vulnerabilities, especially when they pertain to Android, so I'm surprised he missed this one...