Apple releases OS X software update for critical security flaw

A critical security flaw in the Network Time Protocol (NTP) prompts Apple to issue an automatic OS X update for the first time ever.

Published Date: 23 - Dec - 2014 | Last Updated: 23 - Dec - 2014
 
Apple has released a new security update to address a "critical security issue" with the Network Time Protocol service on OS X. The electronics giant recommends that all Yosemite, Mountain Lion and Mavericks users install the update "as soon as possible."

The security flaw was discovered by Google researchers earlier this year and could allow a remote attacker to "send a carefully crafted packet that can overflow a stack buffer and allow malicious code to be executed." Earlier this month, the flaw was made public by the Department of Homeland Security, which identified dozens of tech companies, including Apple, whose products might be vulnerable.

Apple decided to deliver the NTP bug fixes through its automatic security updates, which it introduced two years ago. An Apple spokesman stated that "the update is seamless. It doesn't even require a restart."

Apple has faced several vulnerabilities this year, raising questions about iOS security. Recently, cyber security company FireEye found "Masque Attack," which could allow hackers to use Web pages and emails to dupe users into downloading fake apps. Another attack, called "WireLurker," was also discovered; it is based on the same vulnerability as Masque Attack. The bug originated at a Chinese third-party apps website and affected thousands of users. Apple issued a warning telling users to download programs only from trusted sources to safeguard themselves against malware.

In September, Apple's iCloud was hacked by cyber criminals and many celebrities' photos were stolen. Apple stated that the hackers had obtained the users’ passwords through “phishing attacks” or by guessing at the answers to security questions that allowed access, but denied a breach in its servers.

Source: Reuters