Apple releases patch for critical NTP security flaw in OS X

Apple has released a new security update aimed at fixing a critical issue with the Network Time Protocol (NTP) service on OS X. It is available for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.1, and can be downloaded via the “updates” section of the Mac App Store.

The Cupertino-based company revealed that several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. As for the fix, Apple said that the issues were addressed through improved error checking.

Once you’ve applied the update, you can verify the ntpd version by executing the following command in terminal:

what /usr/sbin/ntpd

Users running Mountain Lion should be able to see ntp-77.1.1 as the updated build, while those running Mavericks and Yosemite should see version 88.1.1 and 92.5.1, respectively.

Multiple security vulnerabilities related to NTP were highlighted by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) last week, saying they affect products using NTP service prior to NTP-4.2.8, and exploits targeting them are publicly available.

The update also comes just over a couple of months after the iPhone maker released an update for OS X Mavericks, Lion, and Mountain Lion to fix the Shellshock bug in the Bash software, which is used in Unix-based systems.

via Apple releases patch for critical NTP security flaw in OS X – TechSpot.

Advertisements