
macrumors bot
Original poster
Apr 12, 2001
54,985
17,365





Apple today released Security Update 2010-006, a minor update to Mac OS X Snow Leopard. According to a support document, the update addresses a single issue related to AFP shared folders.
An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Richard Noll for reporting this issue.
The update weighs in at 1.93 MB and requires Mac OS X 10.6.4. A system restart is required after installation.

Article Link: Apple Addresses AFP Vulnerability With Security Update 2010-006
 

aarond12

macrumors 65816
May 20, 2002
1,127
78
Dallas, TX USA
That's quite a huge bug. :(

Glad they fixed it, but that kind of thing should have never been allowed to exist in the first place.
Why do you think that's such a huge bug? Do you know the account name on my computer? I don't know yours, either. Not only that, you would have to share your computer's files (something you have to do yourself) then open port 548 for the world to see through your router.

-Aaron-
 

derekamoss

macrumors 65816
Jul 18, 2002
1,354
972
Houston, TX
But if I was on the same network as you, you very well might show up in the Finder sidebar, account name and all. For people who have file sharing enabled, this is a huge flaw.

Why do you think that's such a huge bug? Do you know the account name on my computer? I don't know yours, either. Not only that, you would have to share your computer's files (something you have to do yourself) then open port 548 for the world to see through your router.

-Aaron-
 

longofest

Editor emeritus
Jul 10, 2003
2,880
1,538
Falls Church, VA
But if I was on the same network as you, you very well might show up in the Finder sidebar, account name and all. For people who have file sharing enabled, this is a huge flaw.

Agreed. And even though file sharing may not be enabled by default, I'd venture a decent amount of people have had need to turn it on.
 

overcast

macrumors 6502a
Jun 27, 2007
995
2
Rochester, NY
But if I was on the same network as you, you very well might show up in the Finder sidebar, account name and all. For people who have file sharing enabled, this is a huge flaw.

Except you forgot the part where you need to have knowledge of how the hack actually works. The majority of bugs are just not common knowledge or as easy as browsing someone on the same network.
 

derekamoss

macrumors 65816
Jul 18, 2002
1,354
972
Houston, TX
And people have two legs. Of course it isn't common knowledge, that still doesn't not make it a huge security breach. Obviously Apple thought people could figure it out if they released a security update just for this. Does Apple normally wait for just one bug? Usually in security updates it is multiple bugs I think.

Except you forgot the part where you need to have knowledge of how the hack actually works. The majority of bugs are just not common knowledge or as easy as browsing someone on the same network.
 

res1233

macrumors 65816
Dec 8, 2008
1,127
0
Brooklyn, NY
And people have two legs. Of course it isn't common knowledge, that still doesn't not make it a huge security breach. Obviously Apple thought people could figure it out if they released a security update just for this. Does Apple normally wait for just one bug? Usually in security updates it is multiple bugs I think.

Would you stop putting your quotes at the bottom of your posts like that? It's driving me insane...
 

baryon

macrumors 68040
Oct 3, 2009
3,701
2,268
Didn't know you get credit in the Support Notes for reporting a bug :D time to start bug hunting...
 

RobertMartens

macrumors 65816
Aug 29, 2002
1,175
299
Tokyo, Japan
The update weighs in at 1.93 MB

Did I mention that updates are ones and zeros and have no actual weight? MB refers to the number of ones and zeros in groups of eight. Numbers don't actually weigh anything, so you probably shouldn't write this same trite phrase every time you want to mention how big a file is.

I'm just saying, that's all.
 

matthew12

macrumors regular
Aug 27, 2009
111
227
RE: Apple Addresses AFP Vulnerability With Security Update 2010-006

The update for me registered at only 381 KB, not a few MB.
 

ToM7

macrumors 6502
Sep 8, 2008
337
244
Israel
Apple releases an update to iTunes too

10.0.1
This release also provides a number of important bug fixes, including:

• Addresses an issue where the picture quality of a video changes depending on whether the on-screen controls are visible.
• Resolves an issue where iTunes may unexpectedly quit while interacting with album artwork viewed in a separate window.
• Fixes a problem that affects the performance of some third-party visualizers.
• Addresses an issue where the iTunes library and playlists appear empty.
• Resolves an issue that created an incompatibility with some third-party shared libraries.
:)
 

foidulus

macrumors 6502a
Jan 15, 2007
904
1
Didn't know you get credit in the Support Notes for reporting a bug :D time to start bug hunting...

It actually depends (largely on the group at Apple, I think).

I reported a bug with an Apple product (Java), and while the engineer was quite responsive and eventually fixed the bug, I unfortunately didn't get a nod in the release notes.

It seems that most security bug finders get nods, probably as a way to encourage them to discreetly report them to Apple instead of just announcing them to the world.
 

Kdeberk

macrumors newbie
Oct 3, 2010
1
0
Just registered to say that the new security update bricked my laptop.

Thanks, Apple. It just works huh?

Edit:
Tried to reinstall the update, but that crashes with an unknown error. Is there some tool that I can use to debug this installation and see the specific error condition?

Edit2:
Okay. I solved it, here is a description for anyone suffering from the same problem:
After installing 2010-006, when the laptop (13" MacBook Pro, OS X 10.6) came back from restarting, my clock was reset to January 1st 2001 and the system could not get a wireless connection. I manually downloaded the update using another computer and moved it over to the laptop. Manual reinstall failed. I set the date back to the present day and the manual reinstall worked. The computer restarted and everything worked again.
 