Security Update:Apple Releases Security Update to Address Critical Security Issue in Network Time Protocol Service
Date and Time
Mac OS X Users
Apple released a security update to address a "critical security issue" with the Network Time Protocol (NTP) service on OS X.
Advanced Users: For a complete description of the security enhancement and affected software refer to Apple’s About OS X NTP Security Update at http://support.apple.com/en-us/HT6601.
- OS X Mountain Lion v10.8.5
- OS X Mavericks v10.9.5
- OS X Yosemite v10.10.1
At this time, IT is recommending against upgrading to Yosemite until IT is able to fully test compatibility and confirm vendor support with standard supported software.
WHAT'S THE PROBLEM?
NTP service is widely used and exploitation of the vulnerability may allow a remote attacker to execute malicious code.
HOW DO I PROTECT MY COMPUTER?
Update your software
- If IT Field Services or you have other IT support, no action on your part is required.
- If you do not have IT support, updates for:
- To verify the ntpd version, type the following command in Terminal: what /usr/sbin/ntpd. This update includes the following versions:
- Mountain Lion: ntp-77.1.1
- Mavericks: ntp-88.1.1
- Yosemite: ntp-92.5.1
- Updates may be obtained from http://www.apple.com/softwareupdate/.
- The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) - Network Time Protocol Vulnerabilities at https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01
- IT Security at http://it.ucsf.edu/security