Apple has pushed out an update to address a “critical security issue: for OS X. The patch fixes a vulnerability discovered in the Network Time Protocol service. The patch is for OS X Yosemite, Mavericks, and Mountain Lion.
The update targets issues with OS X Network Time Protocol daemon (ntpd) software that allows remote attackers to trigger buffer overflows, which can be leveraged to execute arbitrary code on a target Mac.
After installing the update, users can verify their ntpd version by running Terminal and entering “what /usr/sbin/ntpd". (Without the quotation marks.) If the update is properly installed, users should see the following:
For Mountain Lion: ntp-77.1.1
For Mavericks: ntp-88.1.1
For Yosemite: ntp-92.5.1
The update can be installed via Software Update in the Mac App Store.
