06.02.2023
Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability. Apple
Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.
iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.
The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.
Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.
Related Forum: Mac Apps
This article, "PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability" first appeared on MacRumors.com
Discuss this article in our forums
You may also be interested in this
Unlock Netflix, Hulu, and…
05.30.2023
Macworld Web security is a matter to be taken seriously. Unfortunately, while most VPNs protect you, they also sacrifice performance, making it difficult to do things like stream content. Wish
Apple, Major League Baseb…
08.07.2024
Apple and MLB today announced the September schedule for “Friday Night Baseball,” a weekly doubleheader available to Apple TV+ subscribers.
iPhone 14 vs. iPhone 12: …
05.09.2023
Considering upgrading to the iPhone 14 from your iPhone 12? Read our comparison to find out if you should wait for iPhone 15. (via Cult of Mac - Tech and
New Foundation season 2 t…
07.06.2023
“Foundation’ season 2 premieres next week, and to get fans exited Apple TV+ released a second trailer for the epic sci-fi series. (via Cult of Mac - Tech and culture
Apple offers more ways to…
09.14.2023
Starting tomorrow, customers can pre-order Apple’s new iPhone 15 and choose from a number of financing, delivery, and pickup options.
Made for iPhone hearing a…
05.16.2023
As part of a flurry of new accessibility improvements announced by Apple today, the company says that Made for iPhone hearing aids can pair directly with Macs for the first
The new iMac: Everything …
06.02.2023
Macworld Apple introduced the redesigned iMac with a new colorful design and M1 chip at its Spring Loaded event back in April 2021. Now we have passed the two-year anniversary
Expect Apple’s flagship i…
07.07.2023
Supply chain checks suggest that the production schedule for the iPhone 15 is on track, but the iPhone 15 Pro Max is rumored to be more expensive than ever before.
