Author |
Message |
pcernie
Legend
Joined: Sun Apr 26, 2009 12:30 pm Posts: 45931 Location: Belfast
|
_________________Plain English advice on everything money, purchase and service related:
http://www.moneysavingexpert.com/
|
Tue Dec 23, 2014 3:48 pm |
|
 |
steve74
Doesn't have much of a life
Joined: Fri Apr 24, 2009 12:43 pm Posts: 1798 Location: Manchester
|
This popped up in the App Store on my Mavericks 10.9 MacBook and iMac, except it wasn't an automatic update, completely optional if you so wished - so that part of the article is complete bollox. Still, they never let the truth get in the way of a good story.
_________________ * Steve *
* Witty statement goes here *
|
Tue Dec 23, 2014 11:11 pm |
|
 |
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm Posts: 17040
|
Nope. I have two Macs. On one of them it showed up in Software Update and I installed it the same way any update would be. On the other, I went back to it after a day away and there was a notification saying it had already been installed. I didn't click a thing.
I don't really mind security updates being applied automatically but it does make me wonder exactly what was broken in their NTP client that required a patch of such urgency.
Jon
|
Wed Dec 24, 2014 12:26 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
Buffer overflow or similar. The NTP service runs with relatively high privileges anyway, as it needs to change the system time. The bug allowed an exploit, which allowed attackers to gain remote control over the affected Mac.
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Mollari
Executive Producer No Agenda Show 246
|
Wed Dec 24, 2014 8:57 am |
|
 |
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm Posts: 17040
|
Docs say it's this one - CVE-2014-9295. Would it be wise to assume other Unix systems running NTP < 4.2.7 are also vulnerable?
Last edited by jonbwfc on Wed Dec 24, 2014 3:10 pm, edited 1 time in total.
|
Wed Dec 24, 2014 10:18 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
That is the one. It has been addressed in most Linux distributions already, by the look of it.
|
Wed Dec 24, 2014 12:21 pm |
|
|