"Technically the attack is not very challenging and relies on a classic directory traversal attack. It is strikingly similar to the famous Windows SMB filesharing vulnerability from 1995."
The vulnerability was first disclosed to Apple on February 10th and after numerous delays, Apple finally agreed to full disclosure occurring overnight (March 29th US time).
In addition to outlining the vulnerability, the author also provides a simple test to detect whether a target system is vulnerable.
Quoting the discoverer:
Here is the syntax for running the scripts against a system or network to detect vulnerable hosts [using a script available from the NMAP website]:
nmap -p 548 --script afp-path-vuln
If the server is vulnerable it will show the following output:
PORT STATE SERVICE
548/tcp open afp
| Patrik's Public Folder/../ (5 first items)
|_AFP path traversal (CVE-2010-0533): VULNERABLE
For those running the Snow Leopard version of Apple OS X, the update may be found here. iTWire strongly recommends applying the update as soon as possible.