CCE-50214-6| Platform: cpe:/o:apple:mac_os_14 | Date: (C)2023-11-28 (M)2023-11-28 |
The system _MUST_ be configured to prevent access to other users home folders.
The default behavior of macOS is to allow all valid users access to the the top level of every other users home folder while restricting access only to the Apple default folders within.
Fix:
IFS=$'\n'
for userDirs in $( /usr/bin/find /System/Volumes/Data/Users -mindepth 1 -maxdepth 1 -type d -perm -1 \| /usr/bin/grep -v "Shared" \| /usr/bin/grep -v "Guest" ); do
/bin/chmod og-rw "$userDirs"
done
unset IFS
Parameter:
[711]
Technical Mechanism:
IFS=$'\\n'
for userDirs in $( /usr/bin/find /System/Volumes/Data/Users -mindepth 1 -maxdepth 1 -type d -perm -1 \\| /usr/bin/grep -v "Shared" \\| /usr/bin/grep -v "Guest" ); do
/bin/chmod og-rwx "$userDirs"
done
unset IFS
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.8 | Attack Vector: LOCAL |
| Exploit Score: 1.8 | Attack Complexity: LOW |
| Impact Score: 5.9 | Privileges Required: LOW |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:94781 |
