iTunes < 11.2.1 User Directory Insecure Permissions Vulnerability (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote host contains an application that is affected by an
insecure permissions vulnerability.

Description :

The version of iTunes installed on the remote Mac OS X host is older
than 11.2.1. It is, therefore, affected by an insecure permissions

An insecure permissions vulnerability exists where the '/Users' and
'/Users/Shared' directories have world-writable permissions. This
could allow a local attacker to manipulate the contents or gain
escalated privileges.

See also :

Solution :

Upgrade to iTunes 11.2.1 or later.

Risk factor :

Low / CVSS Base Score : 3.6
CVSS Temporal Score : 3.1
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 74093 ()

Bugtraq ID: 67457

CVE ID: CVE-2014-1347