Apple Update for CVE 2014-1347

Published: 2014-05-17. Last Updated: 2014-05-17 15:24:06 UTC
by Tony Carothers (Version: 1)
2 comment(s)

Apple has released an update to address CVE 2014-1347 (1) for iTunes which addresses a specific vulnerability in the permissions of files and folders of the system.  This vulnerability address a sitution, where "upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling". 

As always, please ensure that all changes are tested and deployed in compliance with enterprise change management standards :)

(1)http://support.apple.com/kb/TS5434

tony d0t carothers --gmail

Keywords:
2 comment(s)

Comments

FYI, this is to correct an apparent bug/regression introduced with iTunes 11.2.
It is available for Mac OS X only and does not apply to Windows machines. This issue is this -

If you only have one user account on your Mac, because you don't let anyone else use it, you're able to write to your own files at any time anyway.

But if you have a Mac with more than one user account, it means that anyone can modify anyone else's files, just like in the old days of DOS.

BTW - this update applies to the most recent four versions of OS X, namely 10.6 (Snow Leopard), 10.7 (Lion), 10.8 (Mountain Lion) and 10.9 (Mavericks).

Diary Archives