There was an advisory a few days ago. I think Linux distributions have seen ntpd updates as well. https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01
Says remote attacker can gain control with privileges of ntpd. From: Paul Conlin via Af Sent: Tuesday, December 23, 2014 8:51 AM To: [email protected] Subject: [AFMUG] OT Apple pushes mandatory NTP upgrade to MacOS http://www.reuters.com/article/2014/12/23/us-apple-cybersecurity-idUSKBN0K108W20141223 Interesting that the NTP vulnerability could allow hackers to take control of the computer. Must be a buffer overflow or something because allowing NTP to take over the computer is a really big hole. Wow. Not optional. No user intervention required. No restart. Not sure if it is stealthy or if the user gets notified. I must have missed the story where Apple made this possible a couple of years ago. If Microsoft pushed a mandatory update there would be riots in the streets, mass hysteria in the media and the EU would likely fine them $100M for human rights violations or something. Somehow Apple comes off as a responsible steward valiantly standing watch over the flock. PC Blaze Broadband
