Apple patches AFP security on Snow Leopard

Apple on Monday released Security Update 2010-006, which targets a hole with AFP (Apple Filing Protocol) shared folders on Snow Leopard client systems as well as Snow Leopard Server.

Apple on Monday released Security Update 2010-006, which targets a hole with AFP (Apple Filing Protocol) shared folders on Snow Leopard client systems as well as Snow Leopard Server. Someone with only the knowledge of an account's name could access shared folders without entering a password, Apple said.

Impact: A remote attacker may access AFP shared folders without a valid password

Description: An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Richard Noll for reporting this issue.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All