{"id":11970,"date":"2014-12-22T13:37:00","date_gmt":"2014-12-22T21:37:00","guid":{"rendered":"http:\/\/37prime.wordpress.com\/?p=11970"},"modified":"2014-12-22T13:37:00","modified_gmt":"2014-12-22T21:37:00","slug":"apple-issues-patch-for-critical-ntp-vulnerability","status":"publish","type":"post","link":"https:\/\/37prime.com\/news\/2014\/12\/22\/apple-issues-patch-for-critical-ntp-vulnerability\/","title":{"rendered":"Apple Issues Patch for Critical NTP Vulnerability"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-14985\" src=\"http:\/\/37prime.com\/news\/wp-content\/uploads\/2014\/12\/Apple-NTP-Security-Update-20141222.jpg\" alt=\"Apple NTP Security Update 20141222\" width=\"1000\" height=\"249\" \/><\/p>\n<p>Apple issues\u00a0OS X\u00a0<a href=\"https:\/\/support.apple.com\/en-us\/HT6601\" target=\"_blank\">NTP Security Update<\/a>\u00a0for\u00a0<a href=\"http:\/\/support.apple.com\/kb\/DL1781\" target=\"_blank\">Mountain Lion<\/a>,\u00a0<a href=\"http:\/\/support.apple.com\/kb\/DL1783\" target=\"_blank\">Mavericks<\/a>\u00a0and\u00a0<a href=\"http:\/\/support.apple.com\/kb\/DL1782\" target=\"_blank\">Yosemite<\/a>.<\/p>\n<blockquote><p>OS X NTP Security Update<br \/>\nntpd<\/p>\n<p>Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1<\/p>\n<p>Impact: A remote attacker may be able to execute arbitrary code<\/p>\n<p>Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.<\/p>\n<p>To verify the ntpd version, type the following command in Terminal: what \/usr\/sbin\/ntpd. This update includes the following versions:<\/p>\n<p>Mountain Lion: ntp-77.1.1<br \/>\nMavericks: ntp-88.1.1<br \/>\nYosemite: ntp-92.5.1<\/p>\n<p>CVE-ID<\/p>\n<p>CVE-2014-9295 : Stephen Roettger of the Google Security Team<\/p><\/blockquote>\n<p>From ICS-CERT:<\/p>\n<blockquote><p>Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT\/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC\/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.<\/p>\n<p>These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.<\/p>\n<p>Products using NTP service prior to NTP-4.2.8 are affected. No specific vendor is specified because this is an open source protocol.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Apple issues\u00a0OS X\u00a0NTP Security Update\u00a0for\u00a0Mountain Lion,\u00a0Mavericks\u00a0and\u00a0Yosemite. OS X NTP Security Update ntpd Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 Impact: A remote attacker may be able to execute arbitrary code Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/37prime.com\/news\/2014\/12\/22\/apple-issues-patch-for-critical-ntp-vulnerability\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Apple Issues Patch for Critical NTP Vulnerability&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4],"tags":[381,2189,2229,2648,2748,936],"class_list":["post-11970","post","type-post","status-publish","format-standard","hentry","category-news","tag-apple","tag-ntp","tag-os-x","tag-security","tag-software-updates","tag-tech"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pcNtU-374","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts\/11970","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/comments?post=11970"}],"version-history":[{"count":0,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts\/11970\/revisions"}],"wp:attachment":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/media?parent=11970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/categories?post=11970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/tags?post=11970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}