The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Symantec PGP Desktop, Encryption Desktop: file manipulation on OS X

Synthesis of the vulnerability 

A local attacker can alter a file of Symantec PGP Desktop or Encryption Desktop installed on OS X, in order to create a file or to change permissions.
Impacted software: Symantec Encryption Desktop, PGP Desktop.
Severity of this computer vulnerability: 2/4.
Creation date: 23/06/2014.
Références of this announce: BID-68077, CVE-2014-3431, SYM14-011, VIGILANCE-VUL-14920.

Description of the vulnerability 

The Symantec PGP Desktop or Symantec Encryption Desktop product can be installed on OS X.

However, some files are installed with world-writeable permissions. A local attacker can thus alter them:
 - to create new files, or
 - to change permissions of an existing file.

A local attacker can therefore alter a file of Symantec PGP Desktop or Encryption Desktop installed on OS X, in order to create a file or to change permissions.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This vulnerability bulletin impacts software or systems such as Symantec Encryption Desktop, PGP Desktop.

Our Vigil@nce team determined that the severity of this security note is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this cybersecurity note.

Solutions for this threat 

Symantec Encryption Desktop: version 10.3.2 Maintenance Pack 2.
The version 10.3.2 Maintenance Pack 2 is fixed.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computers vulnerabilities announces. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.