Vigil@nce - Symantec PGP Desktop, Encryption Desktop: file manipulation on OS X
July 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can alter a file of Symantec PGP Desktop or
Encryption Desktop installed on OS X, in order to create a file or
to change permissions.
Impacted products: Symantec Encryption Desktop, PGP Desktop
Severity: 2/4
Creation date: 23/06/2014
DESCRIPTION OF THE VULNERABILITY
The Symantec PGP Desktop or Symantec Encryption Desktop product
can be installed on OS X.
However, some files are installed with world-writeable
permissions. A local attacker can thus alter them:
– to create new files, or
– to change permissions of an existing file.
A local attacker can therefore alter a file of Symantec PGP
Desktop or Encryption Desktop installed on OS X, in order to
create a file or to change permissions.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN