
SANS ISC: Apple Update for CVE 2014-1347 - SANS Internet Storm Center SANS ISC InfoSec Forums

Apple Update for CVE 2014-1347

Apple has released an update for iTunes to address CVE 2014-1347 (1), a vulnerability in the permissions of files and folders on the system. The update addresses a situation where "upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling".

As always, please ensure that all changes are tested and deployed in compliance with enterprise change management standards :)


tony d0t carothers --gmail


150 Posts
ISC Handler
May 17th 2014
FYI, this is to correct an apparent bug/regression introduced with iTunes 11.2.

1 Posts
It is available for Mac OS X only and does not apply to Windows machines. This issue is this -

If you only have one user account on your Mac, because you don't let anyone else use it, you're able to write to your own files at any time anyway.

But if you have a Mac with more than one user account, it means that anyone can modify anyone else's files, just like in the old days of DOS.

BTW - this update applies to the most recent four versions of OS X, namely 10.6 (Snow Leopard), 10.7 (Lion), 10.8 (Mountain Lion) and 10.9 (Mavericks).

13 Posts
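
As an added example (not part of the diary, the comments or Apple's advisory), the shell functions below report whether directories such as /Users and /Users/Shared are in the world-writable state described above, which is useful for checking a Mac before and after the update and a reboot. The function names are illustrative, and reporting a world-writable directory that carries the sticky bit separately from one that does not is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: audit directories for the world-writable condition
# described in the diary. Function names are illustrative.

# classify_dir DIR
# Prints one of: missing, ok, world-writable-sticky, world-writable
classify_dir() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 0; }
    # -prune keeps find on DIR itself; -perm -0002 tests the "other" write bit.
    if [ -z "$(find -H "$dir" -prune -perm -0002)" ]; then
        echo ok
    elif [ -n "$(find -H "$dir" -prune -perm -1000)" ]; then
        # Assumption: with the sticky bit set, only an entry's owner (or root)
        # can delete or rename it, so this state is reported separately.
        echo world-writable-sticky
    else
        echo world-writable
    fi
}

# audit_dirs DIR...
# Prints "state<TAB>dir" for each argument. Returns 1 if any directory is
# world-writable without the sticky bit, otherwise 0.
audit_dirs() {
    rc=0
    for d in "$@"; do
        state=$(classify_dir "$d")
        printf '%s\t%s\n' "$state" "$d"
        if [ "$state" = world-writable ]; then
            rc=1
        fi
    done
    return "$rc"
}

# When run with arguments, audit them, e.g.:
#   sh audit.sh /Users /Users/Shared
if [ "$#" -gt 0 ]; then
    audit_dirs "$@"
fi
```

Because the diary describes the permissions being reset on each reboot, run the check again after restarting the machine, not only right after installing the update.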
