Saturday, 17 May 2014

Apple rushes out iTunes 11.2.1 - fixes giant permissions hole


Did you just download the quarter-gigabyte iTunes 11.2 update for your Mac?
If so, consider it a practice run: you need to do it all over again.
It seems there was a rather spectacular permissions blunder in the iTunes 11.2 update, forcing Apple to rush out iTunes 11.2.1 for OS X within two days.

According to Apple's security bulletin:









Upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writeable, allowing modification of these directories.
Is this a dangerous hole?

For many users, not really.
If you only have one user account on your Mac, because you don't let anyone else use it, you're able to write to your own files at any time anyway.
But if you have a Mac with more than one user account, it means that anyone can modify anyone else's files, just like in the old days of DOS.
Clearly, that's not supposed to be allowed.
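
To check whether a Mac is in the state the bulletin describes, here is a short audit script. It is an added example, not code from Apple or from the original post. It assumes the usual OS X layout, which the post does not spell out: /Users is not world-writeable, and /Users/Shared is world-writeable only with the sticky bit set. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit directory modes for the condition described above.
# Assumption (not from the post): /Users is normally not world-writeable and
# /Users/Shared is normally world-writeable WITH the sticky bit (mode 1777).

# Print the state of one directory: missing, ok, sticky or exposed.
#   ok      - not world-writeable
#   sticky  - world-writeable, but only owners may rename or delete entries
#   exposed - world-writeable with no sticky bit, so any local user can
#             add, rename or delete entries in it
classify_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo missing
        return
    fi
    # "-perm -NNNN" matches when all the given bits are set; -prune stops
    # find from descending. Works with both BSD (OS X) and GNU find.
    if [ -z "$(find "$dir" -prune -perm -0002 2>/dev/null)" ]; then
        echo ok
    elif [ -n "$(find "$dir" -prune -perm -1000 2>/dev/null)" ]; then
        echo sticky
    else
        echo exposed
    fi
}

# Arguments are pairs: DIRECTORY EXPECTED_STATE.
# Returns non-zero if any directory is not in its expected state.
audit_dirs() {
    rc=0
    while [ $# -ge 2 ]; do
        got=$(classify_dir "$1")
        if [ "$got" = "$2" ]; then
            printf 'OK    %s (%s)\n' "$1" "$got"
        else
            printf 'ALERT %s is %s, expected %s\n' "$1" "$got" "$2"
            rc=1
        fi
        shift 2
    done
    return $rc
}

# Only runs on a system that has /Users (that is, a Mac).
if [ -d /Users ]; then
    audit_dirs /Users ok /Users/Shared sticky || echo 'Permissions need attention'
fi
```

Because the bulletin says the permissions were reset on each reboot, the check is only meaningful when run after a restart.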










The bad side of this bug is that you would quite reasonably expect this sort of fault to show up in testing.
The good side, if bugs can have good sides, is that Apple fixed it very quickly.
