Posted on 12/23/2014 12:29:16 AM PST by Swordmaker
First, I love my Macbook Pro. 17” Mid-2011. I prefer that the system download updates, but notify me before installing updates. I thought I had the preferences configured as such. This morning, I found that the options for ‘Install app updates’ and ‘Install OS X updates’ were not checked, as I expected. The (apparently new) option for ‘Install system data files and security updates.’ was checked. I did not check that option. I did, however, uncheck it this morning.
NTP is Network Time Protocol and in this instance is a system daemon module under UNIX and Linux like operating systems. . . it essentially keeps the clocks synchronized across networks by linking with known time servers on the Internet. A flaw was discovered in the UNIX and Linux implementations of NTP that has been around for years that would, if exploited by placing a man-in-the-middle server between the machine requesting sync and the legitimate time server, could potentially force a data buffer overflow and allow arbitrary code to be run, and therefore allowing a malicious intruder to take over a targeted machine. Since this NTP is something that has to run over networks, it is given high Root priority, it is a high risk. By its nature it is cross UNIX and Linux and, I wouldn't be surprised, iOS. . . all essentially UNIX at core. (Linux was clean room backward engineered from UNIX.)
I get that. I am probably the most cross-platform person out there. This is posted with Linux, I use Mac OS at work, have a Win7 laptop and a couple IOS phones.
No matter what, the code bases are starting to drift together. Linux, Mac OSX and IOS share so much and even Windows has more in common than Microsoft wants to admit.
Any vulnerability is going to propagate.
Windows uses a simpler NTP system even though it uses the same packet information, but it isn't as robust as the UNIX/Linux system. . . so, strangely, it isn't vulnerable to THIS problem, this time. If i recall correctly, it had similar problems several years ago, though.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.