06.02.2023
Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability. Apple
Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.
iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.
The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.
Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.
Related Forum: Mac Apps
This article, "PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability" first appeared on MacRumors.com
Discuss this article in our forums
You may also be interested in this
Apple bets big on micro-L…
05.18.2023
We’ve known for a while that Apple has been investing into research and development of micro-LED screen technology, which looks to be the best of both worlds of current-tech OLED
Apple may be forced to al…
06.21.2023
The Competition Commission of India (CCI) is reportedly nearing the conclusion of its antitrust investigation into App Store, and is expected to conclude that Apple must open it up to
Save up to 35% on the bes…
07.07.2023
Whether you're looking for a stable backup power generator or reliability during your most grueling off-grid adventures, Bluetti's Prime Day deals are the perfect opportunity to save big on the
How to use or disable inl…
07.05.2023
First announced as a feature on iOS 17, Apple has added in-line predictive text to typing on macOS Sonoma as well. Here's how it works, and how to stop it,
Vertical Camera Layout Ru…
05.24.2023
According to the Twitter account @URedditor, next year’s standard iPhone 16 models will mark the return of the… The post Vertical Camera Layout Rumored to Return on iPhone 16 appeared
You can thank slumping la…
06.09.2023
The 15-inch MacBook Air is the first Air with a large screen ever. | Photo by Dan Seifert / The Verge A couple of years ago, laptop sales were through
watchOS 10: These are the…
06.05.2023
Apple on Monday announced watchOS 10, a major update to the Apple Watch operating system. As shown in the opening keynote of WWDC 2023, watchOS 10 comes with a refreshed
Got a Quest Pro? You can …
07.06.2023
Macworld We’re still many months away from being able to plunk down $3,500 for an Apple Vision Pro. But if you absolutely can’t wait and you happen to own a
