The threat which made the fix necessary is a flaw in Network Time Protocol (NTP), a service used to keep a Mac’s system clock synchronized. A buffer overflow exploit became public knowledge last week, and a properly constructed attack using the flaw could remotely execute code on a target system.
Google originally discovered the problem, and it was highlighted by a U.S. Government security notification on December the 19th. Why was Google trying to find flaws in Apple’s code? Actually, NTP doesn’t belong to Apple at all. It’s a open-source protocol that’s available to a wide variety of computers, servers and other networked devices. Few security flaws have appeared in the protocol over the years, but any discovered automatically becomes severe because of NTP’s widespread use.
While there isn’t a current, known threat that’s taking advantage of this flaw to target OS X, the severity and ubiquity of the flaw means everyone should update as soon as possible. If you didn’t see the “Security Update Installed” message on your Mac this morning open the Mac App Store and check the Updates section. You should see “OS X NTP Security Update” listed as installed or ready to install.Image credit: 360b/Shutterstock
- Common iOS 13 problems and how to fix them (iOS 13.3.1 update)
- 5 reasons your MacBook keeps restarting and how to fix the issue
- Common Chromebook problems, and how to fix them
- The best free antivirus platforms for Mac in 2020
- Windows 10 vs. MacOS vs. Chrome OS