
SANS ISC: Apple Update for CVE 2014-1347 - Internet Security | DShield SANS ISC InfoSec Forums


Apple Update for CVE 2014-1347

Apple has released an update to address CVE 2014-1347 (1) for iTunes which addresses a specific vulnerability in the permissions of files and folders of the system. This vulnerability addresses a situation where "upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling".

As always, please ensure that all changes are tested and deployed in compliance with enterprise change management standards :)

(1) http://support.apple.com/kb/TS5434

tony d0t carothers --gmail

Tony

150 Posts
ISC Handler
FYI, this is to correct an apparent bug/regression introduced with iTunes 11.2.
RonM

1 Posts
It is available for Mac OS X only and does not apply to Windows machines. This issue is this -

If you only have one user account on your Mac, because you don't let anyone else use it, you're able to write to your own files at any time anyway.

But if you have a Mac with more than one user account, it means that anyone can modify anyone else's files, just like in the old days of DOS.

BTW - this update applies to the most recent four versions of OS X, namely 10.6 (Snow Leopard), 10.7 (Lion), 10.8 (Mountain Lion) and 10.9 (Mavericks).
toymaster

13 Posts
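A way to check a host for the permission state quoted in the diary above, as an added example that is not from the diary, the comments, or Apple. The function names are hypothetical, and the expected healthy states in the usage comment (/Users not world-writable, /Users/Shared world-writable with the sticky bit set) are assumptions to confirm against a known-good system.

```shell
#!/bin/sh
# Added example: classify a directory by its world-writable and sticky bits.
# Uses only find(1) tests available in both BSD (OS X) and GNU find.

classify_dir() {
    # Prints one of: missing | ok | world-writable-sticky | world-writable
    dir=$1
    [ -d "$dir" ] || { echo missing; return 0; }
    # "$dir/." makes find examine the directory itself, even behind a symlink.
    if [ -n "$(find "$dir/." -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
        if [ -n "$(find "$dir/." -maxdepth 0 -perm -1000 2>/dev/null)" ]; then
            # Anyone may create entries, but only owners may delete or rename them.
            echo world-writable-sticky
        else
            # Anyone may create, delete or rename entries in this directory.
            echo world-writable
        fi
    else
        echo ok
    fi
}

audit_dir() {
    # $1 = directory to check
    # $2 = state expected on a healthy system (an assumption, see above)
    actual=$(classify_dir "$1")
    if [ "$actual" = "$2" ]; then
        echo "OK    $1 ($actual)"
        return 0
    fi
    echo "ALERT $1 is $actual, expected $2"
    return 1
}

# Usage on an OS X host, before and after a reboot:
#   audit_dir /Users ok
#   audit_dir /Users/Shared world-writable-sticky
```

Because the diary describes the permissions being reset on each reboot, a single clean result is not conclusive; run the check again after restarting.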
