Time for another security update, folks. Apple has just released the Security Update 2010-006 for Snow Leopard (server and client versions) which is available here or, as usual, in Software Update.
The update addresses an issue where AFP shared folders could be accessed by a remote attacker using an invalid password. Go update. Or, check out the full update description below.
Security Update 2010-006
AFP
CVE-ID: CVE-2010-1820
Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact: A remote attacker may access AFP shared folders without a valid password
Description: An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Richard Noll for reporting this issue.