Skip to main content

Itunes CVE-2014-1347

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2014-05-18 product-security@apple.com
4.4
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Local
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
May 18, 2014 - 11:12 cve.org
MEDIUM 4.4

DescriptionCVE.org

Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.

AnalysisAI

Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary. Rated medium severity (CVSS 4.4). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-264. Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations. Affected products include: Apple Itunes. Version information: before 11.2.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Itunes

View all
CVE-2017-13802 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13795 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13794 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13792 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13785 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13784 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2020-9850 CRITICAL POC
9.8 Jun 09

A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2017-13796 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13791 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13783 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2014-8146 HIGH POC
7.5 May 25

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in I

CVE-2017-13798 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

Share

CVE-2014-1347 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy