Apple Patches Snow Leopard with AFP Security Fix

· by · Product News

Apple released Security Update 2010-006 Monday, a patch that fixes one security issue with Apple Filing Protocol (AFP) in Mac OS X 10.6.4. The issue was a serious one that could allow the bad guys to take over a Mac with file sharing turned on under certain circumstances.

Apple’s patch notes:

Security Update 2010-006
AFP
CVE-ID: CVE-2010-1820
Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact: A remote attacker may access AFP shared folders without a valid password
Description: An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Richard Noll for reporting this issue.

You can download the update through Software Update. The download is 951KB.

Bryan Chaffin

Bryan Chaffin

Bryan is the cofounder of The Mac Observer and currently serves as Afternoon Editor. He has contributed to MacAddict and MacFormat magazines, and coauthored Incredible iPad Apps for Dummies with Bob "Dr. Mac" LeVitus.

You can find out more about Bryan at his personal site, GeekTells, or follow him on Twitter @TMOBryan.

Sign Up for the Newsletter

Enter a valid email address

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Adding to list…

2 Comments

Khaled

smallest security update update ...

Lee Dronick

smallest security update update ...

Yes, it downloaded quickly. I also just installed the Flash update.

Add your comment

Remember my personal information

Notify me of follow-up comments?