We're now part of 57Digital Ltd - click here to visit now

Apple Releases Tiny Patch to Fix Serious Mac OS X Security Flaw

There’s a new “critical security issue” out there affecting the Network Time Protocol service on OS X, but Apple already has a patch ready for you to install. The Cupertino company is asking that anyone who’s running Yosemite, Mavericks, and Mountain Lion download the update “as soon as possible.” And you should. After all, it’s just a little tiny thing.

Specifically, it weighs in at a mere 1.4 MB, so you shouldn’t spend hours worrying about whether you want to bother downloading it. Just do it. Fascinatingly enough, the vulnerability itself was discovered by the Google Security Team back on December 19, and the U.S. Government alerted users of it only a couple of days later.

The dangers of the vulnerability are a little complex and the government’s ICS-CERT site is a little vague about the whole affair:

“Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP),” ICS-CER’s site says. “As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices.”

The big danger here is that “Exploits that target these vulnerabilities are publicly available,” and malicious-minded folks can exploit those vulnerabilities remotely. You can download the patch right now by selecting Software Update from the Apple menu or by going directly to the updates section of the Mac App Store; it should be listed as the latest Security Update.

Follow this article’s writer, Leif Johnson, on Twitter.

News

Other articles:

We develop applications for the iPhone, iPod and now the iPad. We are based in the UK, contact us to discuss your project or email us on the contact page.

Leave a Reply