06.02.2023
Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability. Apple
Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.
iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.
The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.
Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.
Related Forum: Mac Apps
This article, "PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability" first appeared on MacRumors.com
Discuss this article in our forums
You may also be interested in this
How to use a ChatGPT-like…
06.18.2023
AI is taking the world by storm, and while you could use Google Bard or ChatGPT, you can also use a locally-hosted one on your Mac. Here's how to use
The new Apple Silicon Mac…
06.09.2023
The Apple Silicon Mac Pro is here two and a half years after the shift from Intel began, but it looks like the company only did it to say that
Apple Intelligence is AI …
06.14.2024
Apple Intelligence is the personal artificial intelligence system for iPhone, iPad, and Mac that combines the power of generative AI models with personal context to deliver intelligence that’s incredibly useful
Apple’s work on visionOS …
06.12.2023
Apple’s work on visionOS has resulted in this year’s iOS, iPadOS, macOS Sonoma, and watchOS 10 being rather minor releases. iOS 17 upgrades the communications experience with Contact Posters, a
How to make a TikTok soun…
01.12.2023
It's possible to create text tones or ringtones for your iPhone from your favorite TikToks — and for free. Here's how to do it.TikTok is a hub for burgeoning creators
Apple faces billionaire V…
05.23.2023
Billionaire venture capitalist Vinod Khosla’s Khosla Ventures LLC put itself on a collision course with Apple Inc. when it moved into the personal health and fitness space a decade ago
How screen refresh rates …
06.16.2023
Illustration by Samar Haddad / The Verge When you read a review of a smartphone, you will usually be hit with a long list of screen specs: the display type,
iPadOS 17 feature roundup…
06.07.2023
Apple didn't spend much time on iPadOS 17, but there are several new features coming to the platform, plus almost everything from iOS 17 is included too. Here's everything coming
