Is your Mac vulnerable to the NTP hack?

Security threats are a new concept for Apple Mac users and their once impregnable and uninfectable computer is now looking increasingly like an attractive target for malware authors and hackers. No longer is it possible to ignore security issues and the Mac and OS X are vulnerable in ways we are only beginning to see. The latest threat is an NTP hack.

Network Time Protocol is an internet service that is used to synchronise the time across computers so they are all the same. Computers that have the wrong time can display all sorts of weird problems, as people discover when something goes wrong with the system’s ability to keep the correct time.

There is a bug in OS X Mountain Lion, Mavericks and Yosemite that could enable a hacker to execute arbitrary code on the Mac. In other words, they can get into your Mac and cause trouble or steal data.

Check the NTP version

So how can you tell whether your Mac is at risk? Go to the Applications/Utilities folder and open Terminal. At the command prompt, enter:

what /usr/sbin/ntpd

Here are the versions you should have:

  • Mountain Lion: ntp-77.1.1
  • Mavericks: ntp-88.1.1
  • Yosemite: ntp-92.5.1

Here is the result of running this command on my Mac:

Check the NTP version

You can see that the NTP version is out of date - ntp-92 instead of ntp-92.5.1 - and so the Mac is vulnerable. Apple pushed out an update to NTP to fix this security flaw and if you have configured your Mac to automatically download and install updates, you should have it. However, if automatic updates are turned off, you won’t.

Open the Mac App Store and select the Updates icon in the toolbar. It will scan the Mac and check for missing updates. Here it has found the NTP fix and it can be downloaded and installed:

Mac security updates

Running that command in Terminal afterwards shows the correct version for NTP. The Mac is secure (well, at least until the next security flaw hits the headlines).

Check the NTP version in OS X

Operating system updates are important and if they are not set to automatically download and install, you should manually check for them regularly. If you miss one, your Mac could be at risk from hackers or the latest malware threats.

More information

 

Share

Add new comment

By submitting this form, you accept the Mollom privacy policy.

Related items you will like...