Information
The Apple System Preference setting to 'Set date and time automatically' enables both an NTP client that can synchronize the time from known time server(s) and an open listening NTP server that can be used by any other computer that can connect to port 123 on the time syncing computer. This open listening service can allow for both exploits of future NTP vulnerabilities and allow for open ports that can be used for fingerprinting to target exploits. Access to this port should be restricted.
Editing the /etc/ntp-restrict.conf file by adding a control on the loopback interface limits external access.
Solution
Perform the following to implement the prescribed state:
1. Run the following command in Terminal:
sudo vim /etc/ntp-restrict.conf
2. Add the following lines to the file:
restrict lo interface ignore wildcard interface listen lo