06.02.2023
Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability. Apple
Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.
iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.
The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.
Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.
Related Forum: Mac Apps
This article, "PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability" first appeared on MacRumors.com
Discuss this article in our forums
You may also be interested in this
Deals: Amazon Discounts A…
05.25.2023
Last week, the Apple Pencil 2 hit a new all-time low price on Amazon and quickly went out of stock. Today, Amazon has returned with this record low price of
TestFlight accepting visi…
07.06.2023
On Thursday, Apple announced that developers can now submit beta apps built with Xcode 15 to TestFlight. In other words, this means that developers can invite users to try out
Deal: Get the Apple Penci…
05.06.2023
Calling all artists, this one’s for you! Amazon, Best Buy, and Target are currently selling the Apple Pencil… The post Deal: Get the Apple Pencil 2 for just $89 appeared
Apple TV+ award-winning d…
06.29.2023
Apple TV+ announced the highly anticipated third season of “The Morning Show,” starring and executive produced by Reese Witherspoon and Jennifer Aniston, will premiere globally on Wednesday, September 13, 2023
Apple adds Wallet app to …
06.05.2023
The Apple Business Register has been updated to include the Wallet, which may signify some big changes will be made to the financial app in iOS 17.Apple Business RegisterThe Apple
Latest Hermes AirPods Pro…
05.18.2023
Hermes revealed an expensive leather AirPods Pro 2 case and a separate lanyard that brings extreme luxury to your earbuds.Hermes Case for AirPods Pro 2Apple's AirPods Pro 2 aren't too
Frustrated with Snapchat’…
04.28.2023
Whether you’re ready to fully ghost the platform or deactivate your account for a bit, follow along for how to delete Snapchat on iPhone. We’ll also dig into how long
Reddit app ‘Apollo&…
06.08.2023
Apollo, one of the most popular Reddit apps, is shutting down due to modifications made to Reddit's API that will impose incredibly high costs on developers who create Reddit clients.Apollo
