APPLE HAS ISSUED a fix for a "critical security issue" in OS X following the discovery of a vulnerability in the Network Time Protocol which affects the Yosemite, Mavericks and Mountain Lion operating systems.
The bug, revealed earlier this month, could allow hackers to execute arbitrary code on systems not updated with the fix, and trigger buffer overflows while using OS X Network Time Protocol daemon (NTPD) privileges.
The exploit, named CVE-2014-9295, was uncovered by Stephen Roettger of the Google Security Team earlier this month, but Apple didn't issue a fix straight away because the firm likes to be sure that the flaw is authentic.
"For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," said Apple on its support page.
The update is available now for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1.
Users can find the update via Software Update. It will have already downloaded if the 'Install system data files and security updates' option is checked in the App Store menu of System Preferences.
Those who want to verify their NTPD version can do so by opening Terminal and typing what /usr/sbin/ntpd. If the the update is already installed, users should see the following versions:
Mountain Lion: ntp-77.1.1
Apple hasn't had the best luck with security in recent months, which is unusual as the firm is renowned for its tough defences against the vulnerabilities that affect operating systems like Windows.
The company beefed up its iCloud security in October, adding per-application passwords for third-party apps that don't support two-factor authentication following the high-profile celebrity iCloud hack in September.
The most recent addition is app-specific passwords to guard against exposure of a user's iCloud details. µ
Being in a minority of one doesn't make you right
WeWork needs a rework
Because who wants any surprises
Viv-oh no they didn't