Information
Applications in the System Applications Directory (/Applications) should be world-executable since that is their reason to be on the system. They should not be world-writable and allow any process or user to alter them for other processes or users to then execute modified versions.
Rationale:
Unauthorized modifications of applications could lead to the execution of malicious code.
Impact:
Applications changed will no longer be world-writable. Depending on the environment, there will be different risk tolerances on each non-conforming application. Global changes should not be performed where mission-critical applications are misconfigured.
Solution
Global changes should not be performed where mission-critical applications are part of the misconfigured applications.
Run the following command to change the permissions for each application that does not meet the requirements:
$ sudo /bin/chmod -R o-w /Applications/<applicationname>
example:
$ sudo /bin/chmod -R o-w /Applications/Google Chrome.app/
$ sudo /usr/bin/find /Applications -iname '*.app' -type d -perm -2 -ls
922602 0 drwxr-xrwx 3 seconduser admin 96 8 Aug 04:32 /Applications/Google Chrome copy.app