CVE-2014-1347 Information

Description

Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots which allows local users to modify files and consequently obtain access to arbitrary user accounts via standard filesystem operations.

Reference

http://support.apple.com/kb/HT6251