Apple has rushed an update to its iTunes software to fix a security hole, a security firm said over the weekend.
Sophos said iTunes 11.2 contained a "permissions blunder" that could
allow anyone to modify local user accounts on a machine running Apple's
OS X.
Citing Apple's security bulletin, Sophos'
Paul Ducklin said in a blog post that a local user who exploits the bug
"can compromise other local user accounts."
"Upon each reboot, the permissions for the /Users and /Users/Shared
directories would be set to world-writable, allowing modification of
these directories," it added.
Ducklin said this is particularly dangerous for iTunes users on Mac
machines, adding that iTunes for Windows does not seem to be affected.
On the other hand, Ducklin said the patch applies all the way back to Snow Leopard, OS X 10.6.
— Joel Locsin/TJD, GMA News
source: gmanetwork.com