Posted on 12/23/2014 12:29:16 AM PST by Swordmaker
Apple today released OS X NTP Security Update for Yosemite, Mavericks, and Mountain Lion.
Install this update as soon as possible.
This update addresses a critical security issue with the software that provides the Network Time Protocol service on OS X, and is recommended for all users.
Apple digitally signs its software updates to ensure the authenticity of update packages. Software Update automatically verifies a packages signature prior to installing the update. If you manually download an update package, you can verify the signature yourself to confirm that the package is authentic and complete. See < HREF="http://support.apple.com/en-us/HT202369">this article for details on how to verify the authenticity of this download.
For more information on the security content of this update see Support.apple.com
OS X NTP Security Update is available via Software Update.
OS X NTP Security Update is also available via manual download. More info and download links:
OS X NTP Security Update: OS X Yosemite
OS X NTP Security Update: OS X Mavericks
OS X NTP Security Update: OS X Mountain Lion
If you want on or off the Mac Ping List, Freepmail me.
Thanks. Updated. Interested in knowing the extended issues involved with this. I’m sure the Fud Packers (FP) will tell us. BTTT.
Thanks for posting this. I had it updated within a few minutes of seeing this.
chkconfig ntp off
Still using Tiger
You might want to point out that the vulnerability is in NTP itself, not in only the Mac’s use of it. Looks like it’s in the NTP sources, which affect a lot of OSes, if I’m reading this correctly:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295
Still using Snow Leopard ...
Mountain Lion Security update link not right.
Correct one here:
http://support.apple.com/kb/DL1781?viewlocale=en_US&locale=en_US
I looked, and noticed NTP was amongst my Fedora updates pending. Don’t know if it’s a fix of the same thing, but I went ahead and installed it.
My MBP auto-updated, so I’m good.
It freaked me out to see an update applied that I did not have to approve. I didn’t like it. It seemed suspicious. So, I did some research and found that Apple pushed this security update using a system that does not require user interaction. Ugh. Sounds like another potential exploit vector.
I was surprised by the auto-update as well. Thanks for the information.
Update done; thanks for the ping!
Update done; thanks for the ping!
Thanks for the head’s up. It was fast.
Yeah this applies to all systems and OSes with NTP, Linux, BSD, etc.
Why are you surprised. At some point you set your App Store update preferences to automatically install updates, specifically system data files and security updates (those are the things that keep your Mac safe):
Thanks for the info on the universality of this NTP flaw extending to all *nix type operating systems.
These days, it seems everyone is sharing the same code base and the same vulnerabilities.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.