Craig Federighi, Apple Inc. Senior Vice President of Software Engineering Speaks on Stage During an Apple Event in San Francisco
Craig Federighi, Apple Inc. Senior Vice President of Software Engineering speaks on stage during an Apple event in San Francisco, California. Reuters Reuters

Apple's new security update addresses a crucial security problem on OS X. Apple has released a fix specifically for the bug causing problems in the Network Time Protocol service. According to Apple, users of Yosemite, Mavericks and Mountain Lion should download and install the update as quickly as they can. MacRumors also reported that the update offers a fix on the issue cited by the U.S. Government.

On Dec. 19, the American government issued a notice about the bug initially identified by Google's Security Team. According to the official document from the government, Google Security Team personnel Neel Mehta and Stephen Roettger found a number of vulnerabilities related to CERT/CC and under the NTP. The main concern is that NTP remains a widely used component of operational Industrial Control Systems deployments.

If the problems are not addressed, then tapping into these vulnerabilities will allow attackers to launch privileged arbitrary codes in relation to the ntpd process. Overall impact may depend on the industry or organisation but this does not change the fact that the vulnerability should be addressed. The more alarming concern about this is that resources that can be used to exploit these vulnerabilities can be accessed publicly.

The Register added that Apple further clarified the update is necessary because exploiting the issue will allow attackers to launch remote code execution. Apple discussed that it is best to update the OS X because it is not exempted from the threat. If attackers are successful enough to breach the flaw, then Mac systems can be run without consent. This risks considerable confidential and personal information out in the open. Apart from addressing the flaw pointed out by the government, the Cupertino giant also rolled out a second fix to address error checking to monitor and determine malformed code before it can prompt buffer overflow.

For administrators not confident if their systems are patched already, they can test their NTP version through the Terminal command: "what /usr/sbin/ntpd". As for those working with Mountain Lion, then they can check out their ntp-77.1.1 under the update build. Patched version for Yosemite is 92.5.1 and 88.1.1 for Mavericks.

To report problems or to leave feedback about this article, email p.silva@ibtimes.com.au.