On Monday, Apple released its Security Update 2010-006 patch, a tiny 1.8 megabyte download that fixes one specific bug in Mac OS X 10.6.4’s AFP file sharing implementation that could allow remote attackers to bypass the password validation system if they know the name of an account on the Mac.
Fortunately, previous versions of Mac OS X are not affected and only client users need the update.
The update can be snagged and installed via Mac OS X’s Software Update feature and requires Mac OS X 10.6.4 or later to install and run.
2 replies on “Apple releases Security Update 2010-006 for Mac OS X 10.6 users”
Haven’t applied this to any Mac OS X 10.6.4 clients yet. I did apply on a Mac Mini Server (Mid 2010), which was only running AFP and SMB. Upon restart, client AFP connections were made, but no share points appeared. I stopped/restarted AFP without resolve.
Then I did a second restart, and another stop/restart of AFP, then client Macs could connect AND see expected share points. Hope this helps others who might encounter the same behavior.
This update caused all my folders to be locked