OS X NTP Security Update – What About OS Versions Older Than Mountain Lion?

Last week, Apple released the OS X NTP Security Update patch for the three most recent versions of the OS, deeming it important enough to make it the company’s first-ever automatic system update for users who had that option enabled on their computers. My MacBook Air running OS X v10.9.5 Mavericks was automatically updated in the background before I noticed.

The update patch, which Apple recommends for all users, addresses a vulnerability that could allow a remote attacker to execute arbitrary code due to several issues existed in ntpd that would let such an attacker trigger buffer overflows — issues that have been addressed through improved error checking, and was issued for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1. But not for OS X v10.7 Lion, or v10.6 Snow Leopard, which, especially the latter which still have a substantial user base (including this writer) thanks to Snow Leopard’s end of the line capability to support older Mac software ported to OS X using Carbon running under Rosetta emulation.

So what about it? Happily, if you still are running an older version on a machine containing security sensitive data, Topher Kessler over at MacIssues has posted a tutorial Walking readers through how to manually patch NTP for OS X 10.6 and 10.7 using the Terminal. You can check it out at:
http://bit.ly/13Mwvrn

The Downloadable or automatic update supports the following versions:

Mountain Lion: ntp-77.1.1
File Size: 1.9 MB
System Requirements
OS X Mountain Lion v10.8.5
http://support.apple.com/kb/DL1781

Mavericks: ntp-88.1.1
File Size: 2.0 MB
System Requirements
OS X Mavericks v10.9.5
http://support.apple.com/kb/DL1783

Yosemite: ntp-92.5.1
File Size: 2.1 MB
System Requirements
OS X Yosemite v10.10.1
http://support.apple.com/kb/DL1782

For more information on the security content of this update see http://support.apple.com/kb/HT1222

Links above take you to retailer's website. MacPrices is a verified Apple affiliate.