The threat which made the fix necessary is a flaw in Network Time Protocol (NTP), a service used to keep a Mac’s system clock synchronized. A buffer overflow exploit became public knowledge last week, and a properly constructed attack using the flaw could remotely execute code on a target system.
Related: Apple’s CEO promises new security after iCloud hack
Google originally discovered the problem, and it was highlighted by a U.S. Government security notification on December the 19th. Why was Google trying to find flaws in Apple’s code? Actually, NTP doesn’t belong to Apple at all. It’s a open-source protocol that’s available to a wide variety of computers, servers and other networked devices. Few security flaws have appeared in the protocol over the years, but any discovered automatically becomes severe because of NTP’s widespread use.
While there isn’t a current, known threat that’s taking advantage of this flaw to target OS X, the severity and ubiquity of the flaw means everyone should update as soon as possible. If you didn’t see the “Security Update Installed” message on your Mac this morning open the Mac App Store and check the Updates section. You should see “OS X NTP Security Update” listed as installed or ready to install.
Image credit: 360b/ShutterstockEditors' Recommendations
- Don’t download the latest macOS Ventura update just yet
- Apple quietly backtracks on the MacBook Air’s biggest issue
- How to change your Mac’s screen resolution in macOS Ventura
- All the best macOS Sonoma tips and tricks you need to know
- How to add and use desktop widgets in macOS Sonoma
