back to article Apple scuttles NTP flaw in OS X – with 'first ever' silent auto update

Apple has slipped out an update to address the Network Time Protocol (NTP) vulnerability in its OS X operating system. And it seems the patch will be applied automatically and silently to vulnerable machines. Apple said the fix will protect Macs from the recently publicized flaw in the handling of NTP connections. The …

  1. Anonymous Coward
    Anonymous Coward

    Apple "recommends"?

    This one came up as a notification, but without any possibility to validate it or to check afterwards what it was (normally you find some reference to an update in the app store "update" section).

    I'm not impressed by that delivery method. I'm glad it's there, but I prefer to have some more information before I approve such an update which this delivery made impossible.

    Must do better.

    1. DJV Silver badge

      Re: Apple "recommends"?

      That's weird - I didn't get a notification - it came up in the normal App Store updates with a full explanation instead. Another mystery that, no doubt, will never be explained!

    2. Albert Hall

      Re: Apple "recommends"?

      Try checking your settings in the Software Update pane in System Preferences. (I think Yosemite has a separate App Store pane in the same location). On my OS X 10.8 systems, Automatic Updates was ticked by default. Annoying that there's no link to Prefs in the App Store app itself.

      Happy Yule.

    3. DJV Silver badge

      Re: Apple "recommends"?

      Ah, now this explains it! I turned my Mac on after hearing about the update and immediately ran a check for updates. I suspect if I had not done that deliberate check then it would have done the notification update instead.

  2. Anonymous Coward
    Anonymous Coward

    Solaris

    What about xntpd? Is that affected by this?

    1. Destroy All Monsters Silver badge

      Re: Solaris

      Does that even still exist?

  3. Anonymous Coward
    Anonymous Coward

    Patch is to 10.10.1 only!

    As i was still running 10.10.0 i got nothing to indicate any critical update, just the old prompt to go to 10.10.1.

    I don't know why Apple set this to only install on 10.10.1, as all the update does is replace the ntp binaries, misc conf files, and man pages. I have manually installed myself under 10.10 and it works.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like