Huntsville Macintosh Users Group
Mac News That Matters
BSD | Darwin | How Tos | Linux | man Pages | UNIX/Security News | Site Index

Security Alert: ntp < 4.2.8

(2014-12-20)

ntp (Network Time Protocol) versions less than 4.2.8 have serious security issues. Older versions of NTP can be used easily in "reflection attacks" to initiate distributed denial of service (DDoS) attacks. These vulnerabilities can be exploited remotely and exploits are already publicly available.
See Security Notice for details.
OS X versions Lion/10.7 through Yosemite/10.10 have ntp version 4.2.6. Leopard/10.5 and Snow Leopard/10.6 have version 4.2.4p4.
At this point ntp 4.2.8 is not available for the OS X platform. Currently the best option is to turn off "Set date and time automatically" in the Date & Time Preference Pane.

User Group Logo