CVE-2014-1347

Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.
References
Link Resource
http://support.apple.com/kb/HT6251 Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:apple:itunes:11.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:11.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Information

Published : 2014-05-18 04:12

Updated : 2014-05-19 09:52


NVD link : CVE-2014-1347

Mitre link : CVE-2014-1347


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

apple

  • mac_os_x
  • itunes