| x404.co.uk http://www.x404.co.uk/forum/ |
|
| Critical flaw forces Apple to push automatic update http://www.x404.co.uk/forum/viewtopic.php?f=19&t=23109 |
Page 1 of 1 |
| Author: | pcernie [ Tue Dec 23, 2014 3:48 pm ] |
| Post subject: | Critical flaw forces Apple to push automatic update |
http://www.techradar.com/news/security- ... er-1278217 |
|
| Author: | steve74 [ Tue Dec 23, 2014 11:11 pm ] |
| Post subject: | Re: Critical flaw forces Apple to push automatic update |
This popped up in the App Store on my Mavericks 10.9 Macbook and iMac, except it wasn't an automatic update, completely optional if you so wished - so that part of the article is complete bollox. Still, they never let the truth get in the way of a good story. |
|
| Author: | jonbwfc [ Wed Dec 24, 2014 12:26 am ] |
| Post subject: | Re: Critical flaw forces Apple to push automatic update |
Nope. I have two macs. One of them it showed up in software update and I installed it the same way any update would be. The other, I went back to it after a day away and there was a notification saying it had already been installed. I didn't click a thing. I don't really mind security updates being applied automatically but it does make me wonder exactly what was broken in their NTP client that required a patch of such urgency. Jon |
|
| Author: | big_D [ Wed Dec 24, 2014 8:57 am ] |
| Post subject: | Re: Critical flaw forces Apple to push automatic update |
Buffer overflow or similar. The NTP service runs with relatively high privileges anyway, as it needs to change the system time. The bug allowed an exploit, which allowed attackers to gain remote control over the affected Mac. |
|
| Author: | jonbwfc [ Wed Dec 24, 2014 10:18 am ] |
| Post subject: | Re: Critical flaw forces Apple to push automatic update |
Docs say it's this one - CVE-2014-9295. Would it be wise to assume other Unix systems running NTP < 4.2.7 are also vulnerable? |
|
| Author: | big_D [ Wed Dec 24, 2014 12:21 pm ] |
| Post subject: | Re: Critical flaw forces Apple to push automatic update |
That is the one. It has been addressed in most Linux distributions already, by the look of it. |
|
| Page 1 of 1 | All times are UTC |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|