Summary
The host is installed with Apple iTunes
and is prone to Privilege Escalation Vulnerability.
Impact
Successful exploitation will allow local
attacker to manipulate contents in the directories and gain escalated privileges.
Impact Level: Application.
Solution
Upgrade to iTunes 11.2.1 or later,
For updates refer to http://www.apple.com/itunes
Insight
The flaw exists as world-writable permissions
are set for the /Users and /Users/Shared directories upon reboot
Affected
Apple iTunes prior to 11.2.1 for Mac OS X.
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1347 -
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Mac OS X)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Apple Safari Webkit Multiple Vulnerabilities - May13 (Mac OS X)
- Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)
- Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Windows)