NTP Critical Security Update for OS X Released by Apple, All Mac Users Should Install Now
Apple has issued a critical security update to OS X users aimed at patching an exploit with the network time protocol on most Macs. The update is labeled urgently as “Install this update as soon as possible” rather than a traditional name, perhaps indicating the importance of patching the unspecified issue with the Macs NTP.
All Mac users should heed the advice from Apple and take a moment to install the security patch.
Mac users running OS X Yosemite (10.10), OS X Mavericks (10.9), and OS X Mountain Lion (10.8) will find the update available now in the Software Update mechanism of OS X, accessible from the Apple menu and by choosing “Software Update”, the update is only 1.4MB and installs very quickly. Note that if you have automatic updates enabled for system software and security updates, the NTP was possibly installed already for you, but it’s worth checking manually anyway.
The release notes for the security update say: “This update addresses a critical security issue with the software that provides the Network Time Protocol service on OS X, and is recommended for all users”
Apple has reportedly started to automatically push the update to Mac users, according to Reuters. Those who are not sure if they have installed the update can manually check what version of NTP is installed on their Mac by issuing the following command at the Terminal:
Apple discusses the NTP fix here, noting the updated versions will be the following as reported by the ‘what’ command:
Mountain Lion: ntp-77.1.1
Assuming the version reported back is the same as those, the NTP patch has been installed. Some users may have seen the following notification on their Mac desktop, which indicates the patch installed itself:
Though the specific issue with Network Time Protocol (NTP) is not mentioned in the update release notes, the security update for OS X likely pertains to this remote code execution flaw in NTP that was recently discovered by Google employees.
Users should not need to reboot their Macs for any changes to take effect.
This is not necessary, but a geeky extra for those who are curious, users can manually restart the NTP server by unchecking and rechecking the “Set date and time automatically” button within the Date & Time preference panel of OS X, using ntpdate at the command line, or by killing the “com.apple.preference.datetime.remoteservice” process and reloading the Date & Time system preference panel.