Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.
References
Link | Resource |
---|---|
http://support.apple.com/kb/HT6251 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2014-05-18 04:12
Updated : 2014-05-19 09:52
NVD link : CVE-2014-1347
Mitre link : CVE-2014-1347
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
apple
- mac_os_x
- itunes