Information
Applications in the System Applications Directory (/Applications) should be world-executable since that is their reason to be on the system. They should not be world-writable and allow any process or user to alter them for other processes or users to then execute modified versions.
Unauthorized modifications of applications could lead to the execution of malicious code.
Solution
Terminal Method:
Run the following command to change the permissions for each application that does not meet the requirements:
$ /usr/bin/sudo IFS=$'
'
for apps in $( /usr/bin/find /System/Volumes/Data/Applications -iname "*.app" -type d -perm -2 | grep -v Xcode.app ); do
/bin/chmod -R o-w "$apps"
done
Note: Global changes should not be performed where mission-critical applications are part of the improperly permissioned applications.
Impact:
Applications changed will no longer be world-writable. Depending on the environment, there will be different risk tolerances on each non-conforming application. Global changes should not be performed where mission-critical applications are misconfigured.