Apple has issued an update today aimed to address a critical security issue with OS X’s Network Time Protocol service. The update is recommended to be installed “as soon as possible” for all users.
According to Apple’s support page, the fix patches up a vulnerability that could allow an attacker to remotely run code on the system:
Impact: A remote attacker may be able to execute arbitrary code
Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.
You should check as soon as possible for the patch through the “updates” section of the Mac App Store.
Source: Apple