Apple releases patch for 10.6.4 to fix file-sharing security

Apple has released a security update (Security Update 2010-006) for OS X 10.6.4 Snow Leopard, which addresses a problem uncovered in the OS where a remote attacker could use a known username to access files in shared folders.

This patch is specific for the Snow Leopard client and server releases and should be installed if you have file sharing enabled. By default the file-sharing services in OS X are not enabled, so there is no immediate threat if you are not using this feature; however, many users do enable this option, especially on server systems.

The update should be available via Software Update, but is also available as a direct download from Apple's Web site (1.93MB).

The update will just replace the AppleFileServer "CoreServices" application, along with its relevant Launch Daemon property list. You will need to restart your system after installing the update.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.