CVE-2014-1347

Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
appleitunes
𝑥
≤ 11.2
appleitunes
11.0
appleitunes
11.0.1
appleitunes
11.0.2
appleitunes
11.0.3
appleitunes
11.0.4
appleitunes
11.0.5
appleitunes
11.1
appleitunes
11.1.1
appleitunes
11.1.2
appleitunes
11.1.3
appleitunes
11.1.4
appleitunes
11.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.apple.com/kb/HT6251
http://support.apple.com/kb/HT6251