Skip to content

September 23, 2010

Mac OS X Security Update 2010-006 (AFP)

Apple this week released Security Update 2010-006 to patch a vulnerability in Apple Filing Protocol (AFP) – also known as File Sharing – which could allow an attacker to gain access to shared folders without a password. This only affects Mac OS X 10.6, Mac OS X Server 10.6, and File Sharing is disabled by default.

  • AFPCVE-ID: CVE-2010-1820

    Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4

    Impact: A remote attacker may access AFP shared folders without a valid password

    Description: An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Pike School in Massachusetts for reporting this issue.

Share your thoughts, post a comment.


Note: HTML is allowed. Your email address will never be published.

Subscribe to comments