Apple releases critical security update for OS X NTP services vulnerability
Apple on Monday pushed out an update addressing a "critical security issue" for OS X concerning a vulnerability discovered in the Network Time Protocol service, affecting Mac users running OS X Yosemite, Mavericks and Mountain Lion.
According to Apple's Support website, the update targets a number of issues with OS X Network Time Protocol daemon (ntpd) software that allows remote attackers to trigger buffer overflows, which can be leveraged to execute arbitrary code on a target Mac. The Google Security Team made the discovery earlier this month.
Users can verify their ntpd version by opening Terminal and typing
Mountain Lion: ntp-77.1.1
Mavericks: ntp-88.1.1
Yosemite: ntp-92.5.1
Users can find the update via Software Update or already downloaded if the "Install system data files and security updates" option is checked in the App Store menu of System Preferences.
According to Apple's Support website, the update targets a number of issues with OS X Network Time Protocol daemon (ntpd) software that allows remote attackers to trigger buffer overflows, which can be leveraged to execute arbitrary code on a target Mac. The Google Security Team made the discovery earlier this month.
Users can verify their ntpd version by opening Terminal and typing
what /usr/sbin/ntpd. With the update installed, users should see the following versions:Mountain Lion: ntp-77.1.1
Mavericks: ntp-88.1.1
Yosemite: ntp-92.5.1
Users can find the update via Software Update or already downloaded if the "Install system data files and security updates" option is checked in the App Store menu of System Preferences.
Comments
[COLOR=blue]This is such an elementary way to break into a system, how could anyone, especially Apple, let it happen in this day and age??[/COLOR]
I don't mean this as an indictment of Apple, I'm seriously asking the question.
I wonder if this means alarms clocks will work this year?
/s
"...buffer overflows, which can be leveraged to execute arbitrary code on a target Mac..."
This is such an elementary way to break into a system, how could anyone, especially Apple, let it happen in this day and age??
I don't mean this as an indictment of Apple, I'm seriously asking the question.
So how would you exploit this? Some elementary sample code would be appreciated.
Seriously asking the question
How interesting. Daniel Eran Dilger's usually the first one to vociferously trumpet such vulnerabilities, especially when they pertain to Android, so I'm surprised he missed this one...
How interesting. Daniel Eran Dilger's usually the first one to vociferously trumpet such vulnerabilities, especially as they pertain to Android, so I'm surprised he missed this one...
I think that either needs a /s or a bunny-rabbit-ears "surprised" emphasis.
I'm not at all surprised.
So how would you exploit this? Some elementary sample code would be appreciated.
Seriously asking the question
Basically you could spoof a time server and send a time update that was longer than the expected response or an argument outside of its expected range and then pass it another argument in the remainder of your string to make it do something else.
if you want to dig into kind of how it would work you can check out
http://www.exploit-db.com/exploits/20727/
This also affects other Unix and Linux operating systems not just Macs.
Yes, the Ubuntu 14.04 LTS update also popped up today.
Everyone, all together now, "Thanks Google for making Apple's products more secure."
Google actually finds a lot of security fixes for OS X if you read the security update release notes. And not just the generic unixy ones but OS X specific ones too, which is great.
If App Store preferences in Yosemite is set to "Install system data files and security updates", will this "security update" be automatically installed?
DED likes to delve into the history of topics so with a time service he'll likely be starting with the Babylonians.
DED likes to delve into the history of topics so with a time service he'll likely be starting with the Babylonians.
Only if he's already written an article about Babylonians so he can cite himself.
I wonder if Apple maintains their own branches of the underlying UNIX software or if they keep them synced with the open source community. Translating all these system tools over to Swift should prevent buffer overflow vulnerabilities but it would make it harder to keep software synced to the versions deployed to other UNIX systems. If Swift was open-sourced itself, perhaps Apple could encourage UNIX developers to migrate at least some tools to Swift so that they get cleaner, shorter, safer code for all platforms.
I wonder if Apple maintains their own branches of the underlying UNIX software or if they keep them synced with the open source community.
A little of Both.
Apple's OpenGL drivers are their own.
When Apple used GCC, they mostly kept in synch just adding a few modules here and there(Until the whole GPLv3 Debacle).
Apple's Samba inclusion for OSX Server I'm fairly positive was just a vanilla package(again until GPLv3 ruined everything)
I imagine the code that Apple lifts from FreeBSD is also at least slightly modified for the OSX environment.
I don't know how apple decides such, but they definitely go both ways.