Information
Applications in the System Applications Directory (/Applications) should be world executable since that is their reason to be on the system. They should not be world writable and allow any process or user to alter them for other processes or users to then execute modified versions
Rationale:
Unauthorized modifications of applications could lead to the execution of malicious code.
Impact:
Applications changed will no longer be world writable
Solution
Change permissions so that 'Others' can only execute. (Example Below)
sudo chmod -R o-w /Applications/BadPermissions.app/