CVE-2014-3431

Name of the Vulnerable Software and Affected Versions Symantec PGP Desktop versions 10.x Symantec Encryption Desktop Professional versions 10.3.x through 10.3.2 MP1

Description The issue allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes. This is due to world-writable permissions for temporary files on OS X.

Recommendations For Symantec PGP Desktop version 10.x, update to a version that includes the necessary permissions changes for temporary files. For Symantec Encryption Desktop Professional versions 10.3.x through 10.3.2 MP1, update to version 10.3.2 MP2 or later to resolve the issue.