06.02.2023
Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability. Apple
Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.
iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.
The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.
Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.
Related Forum: Mac Apps
This article, "PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability" first appeared on MacRumors.com
Discuss this article in our forums
You may also be interested in this
Apple announces finalists…
11.19.2025
Apple announced the finalists for the 2025 App Store Awards, recognizing 45 app and game developers for their achievements in innovation, user experience, and cultural impact.
Foundation’s season 2 tra…
06.13.2023
Image: Apple It’s going to be a sci-fi summer over on Apple TV Plus. The streaming service is getting a second season of the epic series Foundation in July, and
5 Things You Need to Know…
06.06.2023
Apple announced its biggest addition to the MacBook Air with a lot of fanfare. The larger display on… The post 5 Things You Need to Know About the New 15-inch
Macs can get viruses, but…
06.13.2023
Macworld Do Macs get viruses? Do Macs need antivirus software? The answers to these questions aren’t as simple as they might seem. In this article, we look at the dangers
Rumored Apple Watch Ultra…
07.04.2023
A version of the Apple Watch Ultra incorporating a microLED display may arrive later than previously rumored, with claims that production problems are popping up.Apple Watch UltraThe Apple Watch Ultra
B&H slashes Apple com…
05.30.2023
B&H is offering deep discounts on Mac computers capable of handling projects big and small. Save up to $1,400 instantly with free expedited shipping.Best Apple deals at B&H this weekFrom
Monduo 16-inch Pro Duo Di…
05.12.2023
The Monduo 16-inch Pro Duo Display can turn your single-screen 16-inch MacBook Pro into a triple-screen productivity powerhouse, and it works well — but Apple users have some more flexible
macOS 13: Unleashing the …
10.04.2024
The release of macOS 13 marks a pivotal moment for Apple's desktop operating system. With Apple Silicon firmly entrenched at the heart of Mac hardware, macOS 13 promises to unlock
