it.ucsf.edu

Security Update:Apple Releases Security Update to Address Critical Security Issue in Network Time Protocol Service

Status Type

Security Update

Date and Time

Monday, December 22, 2014 - 17:21

Reason

Security Update

Impact

Mac OS X Users

WHAT HAPPENED?

Apple released a security update to address a "critical security issue" with the Network Time Protocol (NTP) service on OS X.

Advanced Users: For a complete description of the security enhancement and affected software refer to Apple’s About OS X NTP Security Update at http://support.apple.com/en-us/HT6601.


AFFECTED SYSTEMS:

  • OS X Mountain Lion v10.8.5
  • OS X Mavericks v10.9.5
  • OS X Yosemite v10.10.1


At this time, IT is recommending against upgrading to Yosemite until IT is able to fully test compatibility and confirm vendor support with standard supported software.


WHAT'S THE PROBLEM?

NTP service is widely used and exploitation of the vulnerability may allow a remote attacker to execute malicious code.


HOW DO I PROTECT MY COMPUTER?

Update your software

  1. If IT Field Services or you have other IT support, no action on your part is required.
  2. If you do not have IT support, updates for:
  • To verify the ntpd version, type the following command in Terminal: what /usr/sbin/ntpd. This update includes the following versions:
  • Mountain Lion: ntp-77.1.1
  • Mavericks: ntp-88.1.1
  • Yosemite: ntp-92.5.1
  • Updates may be obtained from http://www.apple.com/softwareupdate/.



RELATED LINKS