Free Republic
Browse · Search		 General/Chat
Topics · Post Article

Skip to comments.

Apple releases OS X NTP Security Update; Mac users advised to install ASAP
Apple Inc. ^ | December 22, 2014

Posted on 12/23/2014 12:29:16 AM PST by Swordmaker

click here to read article

Navigation: use the links below to view more comments.
first previous 1-2021-24 last
To: Swordmaker

First, I love my Macbook Pro. 17” Mid-2011. I prefer that the system download updates, but notify me before installing updates. I thought I had the preferences configured as such. This morning, I found that the options for ‘Install app updates’ and ‘Install OS X updates’ were not checked, as I expected. The (apparently new) option for ‘Install system data files and security updates.’ was checked. I did not check that option. I did, however, uncheck it this morning.


21 posted on 12/23/2014 9:25:51 PM PST by DigitalVideoDude (It's amazing what you can accomplish when you don't care who gets the credit. -Ronald Reagan)
[ Post Reply | Private Reply | To 18 | View Replies]
To: MediaMole
These days, it seems everyone is sharing the same code base and the same vulnerabilities.

NTP is Network Time Protocol and in this instance is a system daemon module under UNIX™ and Linux like operating systems. . . it essentially keeps the clocks synchronized across networks by linking with known time servers on the Internet. A flaw was discovered in the UNIX™ and Linux implementations of NTP that has been around for years that would, if exploited by placing a man-in-the-middle server between the machine requesting sync and the legitimate time server, could potentially force a data buffer overflow and allow arbitrary code to be run, and therefore allowing a malicious intruder to take over a targeted machine. Since this NTP is something that has to run over networks, it is given high Root priority, it is a high risk. By its nature it is cross UNIX and Linux and, I wouldn't be surprised, iOS. . . all essentially UNIX at core. (Linux was clean room backward engineered from UNIX.)

22 posted on 12/23/2014 9:54:45 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 20 | View Replies]
To: Swordmaker

I get that. I am probably the most cross-platform person out there. This is posted with Linux, I use Mac OS at work, have a Win7 laptop and a couple IOS phones.

No matter what, the code bases are starting to drift together. Linux, Mac OSX and IOS share so much and even Windows has more in common than Microsoft wants to admit.

Any vulnerability is going to propagate.


23 posted on 12/23/2014 10:17:02 PM PST by MediaMole
[ Post Reply | Private Reply | To 22 | View Replies]
To: MediaMole
I get that. I am probably the most cross-platform person out there. This is posted with Linux, I use Mac OS at work, have a Win7 laptop and a couple IOS phones.

Windows uses a simpler NTP system even though it uses the same packet information, but it isn't as robust as the UNIX/Linux system. . . so, strangely, it isn't vulnerable to THIS problem, this time. If i recall correctly, it had similar problems several years ago, though.

24 posted on 12/24/2014 1:02:57 AM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 23 | View Replies]

Navigation: use the links below to view more comments.
first previous 1-2021-24 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search		 General/Chat
Topics · Post Article
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson