Latest OS X Update Contained iTunes Bug
Security blues: The recently released iTunes 11.2 contains a security bug affecting computers with multiple user accounts.
If you're a Mac user and you downloaded this week's Mac OS X update (Mavericks 10.9.3), you may have noticed that your computer's Users/ and Users/Shared/ folders have disappeared. It turns out the disappearance is due to a security flaw in iTunes 11.2, which was part of the OS X Mavericks 10.9.3 update.
The flaw is only really serious on iMacs and MacBooks with multiple user accounts, as it lets one account compromise the other accounts on the same computer. Apple has already patched the flaw with iTunes 11.2.1, which users can download via the Software Updater or from the Apple website.
MORE: 7 Ways to Lock Down Your Online Privacy
Apple explained in a support note that the bug had to do with how the computer handles the permissions of separate users on the same machine: "Upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories [by any user]."
The issue also occurred on some Mavericks computers that had iTunes 11.2 installed separately without upgrading to Mavericks 10.9.3.
"This vulnerability was patched quickly, but the truth is that proper quality control should have meant that it was never introduced in the first place," wrote security expert Graham Cluley on his blog.
OS X Mavericks 10.9.3, which contained the buggy iTunes 11.2, also included an update to Safari 7.0.3, improved support for 4K screens, the ability to sync contacts and calendars between a mobile device and a Mac via USB, and a number of security updates that had been previously released.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+. Follow us@TomsGuide, on Facebook and on Google+.
Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects.