Jump to content

Critical flaw forces Apple to push automatic Mac update for first time ever


Recommended Posts

http://cdn.mos.techradar.com/art/TRBC/Software/Yosemite/Finder%201-470-75.jpg

Vulnerabilities in the ubiquitous Network Time Protocol (NTP) service have forced Apple to issue its first-ever automated security update for Mac OS X, a process that is common on Microsoft's Windows platform.

Apple has included that mechanism in its last three operating systems and is using it as a last-resort intervention.

The weaknesses were unearthed by Google researchers last week and have since been published by the US Department of Homeland Security as well as the Carnegie Mellon University Software Engineering Institute.

The Mac OS X update, which a spokesperson said is seamless and doesn't require a restart, will roll out on 10.10 Yosemite, 10.9 Mavericks, and 10.8 Mountain Lion.

Time splitters

NTP is used primarily to synchronise time on devices across networks and is a fundamental component of any connected operating system.

While there is no risk of data being compromised, it allows any remote attacker that uses a particular payload to execute malicious code, something that might be particularly useful to mount DDoS attacks.

NTP-based attacks usually cause more havoc because of a so-called amplication factor where a query sent by a device gets a response that's 1000x larger.

http://rss.feedsportal.com/c/669/f/415085/s/41b7204b/sc/4/mf.gif


http://da.feedsportal.com/r/216443199540/u/49/f/415085/c/669/s/41b7204b/sc/4/rc/1/rc.img
http://da.feedsportal.com/r/216443199540/u/49/f/415085/c/669/s/41b7204b/sc/4/rc/2/rc.img
http://da.feedsportal.com/r/216443199540/u/49/f/415085/c/669/s/41b7204b/sc/4/rc/3/rc.img

http://da.feedsportal.com/r/216443199540/u/49/f/415085/c/669/s/41b7204b/sc/4/a2.imghttp://pi.feedsportal.com/r/216443199540/u/49/f/415085/c/669/s/41b7204b/sc/4/a2t.imgZp2FVh-1NZE
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...