Latest in Apple

Image credit:

Critical flaw forces Apple to push first automatic OS X security update

370 Shares
Share
Tweet
Share
Save

Sponsored Links

A critical security issue in the network time protocol (NTP) has prompted Apple to push an automatic OS X update to users for the first time. Google researchers discovered the flaw which could allow a remote attacker to "send a carefully crafted packet that can overflow a stack buffer and allow malicious code to be executed." NTP is a common protocol that's been successfully hacked before, so the security hole could result in remote DDoS attacks on many UNIX-based systems, including Linux servers and OS X. The US government deemed it serious enough to flag it, and at first Apple advised users of Yosemite, Mountain Lion and Mavericks to update "as soon as possible." However, several years ago it introduced an automatic OS X update system that requires no user action, and decided to deploy it for the first time ever. An Apple spokesman told Reuters "the update is seamless. It doesn't even require a restart."

Update: Patrick Nielsen, Senior Security Researcher at Kaspersky told us the vulnerability is quite widespread. "The software is installed on everything from consumer gadgets to critical infrastructure; it's possible to execute malicious code on both servers and clients, a dream situation for worms which can spread very quickly by compromising servers and then all their clients," he said. What's more, many firewalls don't block attacks against NTP servers, especially in corporate networks.

Source: Reuters
In this article: apple, automaticUpdates, flaw, NTP, OSX, patch, Security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
370 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Yamaha updates its THR desktop guitar amps for the first time in years

Yamaha updates its THR desktop guitar amps for the first time in years

View
Facebook’s latest AI experiment helps you pick what to wear

Facebook’s latest AI experiment helps you pick what to wear

View
iFixit's iPhone 11 Pro Max teardown investigates charging rumors

iFixit's iPhone 11 Pro Max teardown investigates charging rumors

View
TiVo wants to make a comeback with $50 Android TV dongle

TiVo wants to make a comeback with $50 Android TV dongle

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr