Apple plugs Mac OS X information stealing hole

Apple has pushed out a Mac OS X security update to plug a security hole that allows access to shared folders without a valid password.

Apple has pushed out a Mac OS X security update to plug a security hole that allows access to shared folders without a valid password.

The vulnerability, which can be exploited remotely, occurs because of an error handling issue in the AFP server, the company warned in a brief advisory.

The skinny:

  • CVE-2010-1820 (available for  Mac OS X v10.6.4 and Mac OS X Server v10.6.4)
    • An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6.

The patch is available via the Mac OS software update pane in System Preferences.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All