Time to be worried?
My iMac notified me it had installed a security update. I checked to see what it affected and it’s something to do with Network Time. This fix is great and all, but I have an older iMac running Snow Leopard that I use for applications that need Rosetta. Is this machine vulnerable? Dan Renfrew The vulnerability was in the ntpd daemon that keeps the system clock synchronised over the internet. A hacker could in theory have tricked OS X into executing some malicious code. There aren’t any known cases of anyone exploiting this bug as yet, but it’s theoretically possible that any unpatched OS X machine could be affected. Apple has been able to push security patches, without waiting for you to run Software Update, since Mountain Lion, but this is the first time it has taken advantage of it.
Unfortunately there is no patch available for older versions of OS X at the time of writing. If you are concerned, you can open Date & Time preferences and untick the box marked ‘Set date and time automatically’. This will unload the ntpd daemon altogether, as you can see by opening Activity Monitor and searching for ntpd.