Earlier this week, Apple Apple pushed its first automatic security update to Mac users. The security update plugged a vulnerability in the OS X operating system connected to the network time protocol (NTP). Security experts discovered that the vulnerabilities in the NTP could have been exploited by hackers to gain remote control of Mac computers. The network time protocol is used to synchronize clocks on Mac computers.
Hypothetically, remote hackers could have used the NTP vulnerability to send packets of data that overflows stack buffers and allows malicious code to be executed. The Apple software update was sent out without requiring users to accept the changes. However, Apple sent notifications to users that successfully received the security update. Restarting the computer was not necessary for users to install the security update.
Apple issued the security update after information about the vulnerabilities were published by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute, according to Reuters. Neel Mehta and Stephen Roettger of the Google Google Security Team Team originally discovered the vulnerability, which was reported to the Industrial Control Systems Cyber Emergency Response Team. The security vulnerability, known as CVE-2014-9295, also affects the Linux and Unix operating systems.
The issue affects operating systems that runs NTP4 prior to 4.2.8, according to Ars Technica. When Apple launched the Snow Leopard operating system in 2009, they also created a database of malware definitions on Macs that prevents users from installing viruses. This feature is called File Quarantine (also known as XProtect).
Apple developed an automatic patching system a couple of years ago, but it was not used until the NTP issue came up. Apple generally asks for permission from the user to update their operating system. Apple said that it has not received any reports of an incident where a Mac computer was targeted by hackers due to the NTP vulnerability. If you do not want to receive automatic updates, you can go to Systems Preferences —> App Store —> uncheck "Install system data files and security updates."
No comments:
Post a Comment