Apple pushed out a critical security update for Mac users today, and if your Mac is running Yosemite, Mavericks, or Mountain Lion, you’ll want to install it immediately.
OS X NTP Security Update was released to users via the Mac App Store today and fixes a critical security issue with the software that provides the Network Time Protocol service on OS X.
The release notes don’t mention the specific security problem with NTP being addressed, but it appears Apple is fixing a vulnerability originally discovered by Google’s security team. The U.S. cyber emergency response team reported last week that the exploit allows attackers to execute arbitrary code with the privileges of the ntpd process.
Neel Mehta and Stephen Roettger, the pair of Google researchers that discovered the vulnerability, say that it could be exploited remotely and many exploits that target the vulnerability are already available in the public.
The NTP.org advisory says that a single packet of data is enough to exploit any of the buffer overflow vulnerabilities and “potentially allow malicious code to be executed with the privilege level of the ntpd process.”
Mac users on OS X 10.8 – 10.10 should check the Mac App Store for the update as soon as possible. It can also be downloaded via Software Update in the Apple Menu.