BugTraq
APPLE-SA-2014-05-16-1 iTunes 11.2.1 May 17 2014 05:39AM
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-05-16-1 iTunes 11.2.1

iTunes 11.2.1 is now available and addresses the following:

iTunes
Available for: Mac OS X v10.6.8 or later
Impact: A local user can compromise other local user accounts
Description: Upon each reboot, the permissions for the /Users and
/Users/Shared directories would be set to world-writable, allowing
modification of these directories. This issue was addressed with
improved permission handling. For information on the general content
of iTunes 11.2.1, see http://support.apple.com/kb/TS5434
CVE-ID
CVE-2014-1347

iTunes 11.2.1 may be obtained from:
http://www.apple.com/itunes/download/

The download file is named: iTunes11.2.1.dmg
Its SHA-1 digest is: d7e00140775bd15069ded529388add2ce6f0b538

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTdvWrAAoJEBcWfLTuOo7t1rgP+gL3Z02WLrsQb66XvuTEz9Ij
KHKL/y3yXzMIdwEqFsHvcd8Ls9lBaiSFTkXIWXhgWsW8PZPFZBahprnbbszFmwJ6
P9g2QRWstQFpveImGdrMW3E9yjIf7YvkjD2NNNpG4NUXiejwWANJ1kmfHJ9ny1vs
L8bIImea5+mTMt+fvrJp3vWGAhLSfJYc9HQvIqJxhESiAW0dOoprbkTGVPRbR5wE
w7d1m5LS8nvmWi8blLKvLtv+AX2HJvLniJwYkZXa4kMUy25nYLrTZ09aRMfP2Ygg
4fjsIphrnpScl9gGaBYbp3vncR/g0Nypw0b3/ahlmBnEFFIXHJNjudoW8vbBdyaM
7x1A4y1iVregs7LKRwExhZGjc85WYJis1asVE4A0L8rjqjj/OskXUyFFZ2wKEwic
apZPyeqGOPpdwa3CsHcq7RZZb1Y8aceeLviXKb2iOC37toRMnDkMr2SBd/xD6TfE
fWxBbFnxsY+BFbfz9QUpvtmWI3a399vqt6J9RXxve/a/nd8XyCUdgTxhGSf+uUZ4
U6vJppHF+nzXjaua8L7z8RXxQDfjFm2pI9a3VfRjq50hrznCprXSIR148//WSiHJ
Y6Ss5s+lHLedmdudW9Fsiywb0ImEK88bQtmHg4WqxOfFbC9X25262WhDN+m7KoGJ
4kQtMB6mjCY/WsU+frOA
=P5hZ
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTdvYKAAoJEBcWfLTuOo7ta1AP/2/ykPIMN+d2YnvZGbsv/6MR
ddil3qDly1UmC2Pb4f+NrzShnTdWTZmaH8RLtmcLEnoZl6KOWbmZ7yUdqY99dv1x
YgfWJ0lAZNT91GMl3tLsL983P0uLXffHvq6FlkU5BO7b2XpJnKRoW2UAFIxVKwkm
bYKhbwIl3E5EsWtgrdAdqs9dRF8zojqOsVot+qUNzeilNvCEdHnD/PZEA8y6A+aC
ljk5cvYxHkEQoCfJ6noq4GxB72os1Q/HrB+9MM71RAt1JmrLZ9eINwogu9ZBZLSg
KzXOukFVSpDkv1QIT6XhbMTWmJpfKTJA8QTL3P52GL96i0AA579BM0uy05tlfTs9
QNP7ELu7mME6ylxH0c414tSq/Y4ulvj9bmyLT/cqyMMjrGm9xga4vxjGZLUVOy1Y
pNG+G2H+de0Ho/3Ii7vhjSRLkWaa61TZzwP+PmGvrgzeXV3DBuqyBhT1amsEcp4f
xNsOu7bVzQgFEHJGNT+XoJF5x2/K1RpDh/R4MYQFvrax8Dp0o9dILn4fXpDD1M1/
O5UnPytP1fVvJ1vJL6Dhz2m0Tz7+55pxv1kW3/z6Uqh2Idde3kYfUU0hnV2MnfWw
E3CubOx0p2bVY8dExrWO/YFmZT0UFI+IOmSZvdACHG85q68/ViK6YqkRV14pOOym
Ai6dPs3HMQJI8pCQIWas
=K0WM
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus