Apple has today made available Security Update 2010-006 for Mac OS X 10.6.4 and Mac OS X Server 10.6.4 in order to patch a vulnerability that would allow malicious individual to access the AFP shared folders remotely without a password.
Apple describes the issue as:
“An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6.”
As usual, the new update is available through the Software Update application. To learn more about this particular update, visit the Apple Support page.
Download Apple Security Update 2010-006 for Mac X 10.6.4
via TUAW