Apple iTunes < 11.2.1 User Directory Insecure Permissions Vulnerability (uncredentialed check)
Low Nessus Plugin ID 74092
SynopsisThe remote host contains an application that is affected by an insecure permissions vulnerability.
DescriptionThe version of Apple iTunes on the remote host is prior to version 11.2.1. It is, therefore, affected by an insecure permissions vulnerability.
An insecure permissions vulnerability exists when the '/Users' and '/Users/Shared' directories have world-writable permissions. This can allow a local attacker to manipulate the contents or gain escalated privileges.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Apple iTunes 11.2.1 or later.