Apple Patches Snow Leopard with AFP Security Fix

| Product News

Apple released Security Update 2010-006 Monday, a patch that fixes one security issue with Apple Filing Protocol (AFP) in Mac OS X 10.6.4. The issue was a serious one that could allow the bad guys to take over a Mac with file sharing turned on under certain circumstances.

Apple’s patch notes:

Security Update 2010-006
CVE-ID: CVE-2010-1820
Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact: A remote attacker may access AFP shared folders without a valid password
Description: An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Richard Noll for reporting this issue.

You can download the update through Software Update. The download is 951KB.

Popular TMO Stories



smallest security update update ...

Lee Dronick

smallest security update update ...

Yes, it downloaded quickly. I also just installed the Flash update.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account