14 DAY TRIAL // Apple has released an express security update for all Mac users running OS X 10.6 Snow Leopard, including Server users, addressing a single issue that could result in a remote attack accessing AFP shared folders without a valid password.
Over at the Support / Downloads area of its web site, Apple discusses Security Update 2010-006 as follows:
About Security Update 2010-006 (Snow Leopard)
Security Update 2010-006 is recommended for all users and improves the security of Mac OS X.
For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222.
By taking a trip to the Support document linked by Apple, customers learn that Security Update 2010-006 is available for Mac OS X v10.6.4, and Mac OS X Server v10.6.4, and prevents a remote attacker from accessing AFP shared folders without a valid password.
“An error handling issue exists in AFP Server,” goes Apple’s official description of the bug in question.
“A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders,” the Mac maker notes.
“By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6,” the description ends.
Apple doesn’t credit any third-party for finding / reporting this vulnerability, therefore it is reasonable to assume it was found by one of its own developers during Mac OS X Snow Leopard beta testing.
Speaking of which, Mac OS X 10.6.5 Build 10H542 is reportedly the latest seed from Cupertino, which asks Apple’s vast developer community to continue focusing its testing efforts on improving the software.
Unlike previous seeds, Apple included a lengthy list of changes.
According to people familiar with the new build, the Mac maker mentioned improved reliability with Microsoft Exchange servers, resolved issues with tasks like printing and dragging items from one place to another, as well as enhanced graphics and performance for applications and games.