CVE-2014-1347 — MEDIUM (4.4)

Q: How severe is CVE-2014-1347?

CVE-2014-1347 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-1347?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Itunes, Apple Mac Os X.

Vulnerability Description

Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.

CVSS Score

4.4

MEDIUM

AV:L/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apple	Itunes	<= 11.2
Apple	Mac Os X	All versions

Related Weaknesses (CWE)

CWE-264

References

http://support.apple.com/kb/HT6251Vendor Advisory
http://support.apple.com/kb/HT6251Vendor Advisory

FAQ

What is CVE-2014-1347?

CVE-2014-1347 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary us...

How severe is CVE-2014-1347?

CVE-2014-1347 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1347?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Itunes, Apple Mac Os X.