06.02.2023
Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability. Apple
Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.
iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.
The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.
Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.
Related Forum: Mac Apps
This article, "PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability" first appeared on MacRumors.com
Discuss this article in our forums
You may also be interested in this
The Netflix crackdown on …
05.23.2023
Netflix has been working towards cracking down on password sharing in the United States for a while, and has now introduced a new fee to share your account with somebody
Spotify launches new desk…
06.20.2023
Spotify is out today with an overhaul for its desktop experience. The new UI brings redesigned ‘Your Library’ and ‘Now Playing’ sections to align more with the iOS/Android Spotify app
Using macOS Disk Utility:…
06.13.2023
There are a few final useful utilities in Apple's Disk Utility you may not be aware of. Here's how to use them the continued exploration of the macOS tool.In the
9to5Mac Daily: April 27, …
04.27.2023
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple’s Podcasts app, Stitcher, TuneIn, Google Play, or through our
Hands-on: Here’s why you …
05.02.2023
Snowman first teased its major new mobile game in March and we got a closer look with the official trailer last week. Now the creator of the hit Alto’s Adventure/Odyssey series
Tap to Pay rolls out to A…
05.17.2023
Apple’s Tap to Pay service is rolling out to Australia, following last month’s expansion into Taiwan. The service allows small business to accept contactless payments without the need for a
iOS 17 Apps Can Offer Tip…
06.09.2023
Apple at WWDC this week announced a new TipKit framework that will allow developers to offer tips in their apps on iOS 17, iPadOS 17, macOS Sonoma, watchOS 10, and
iPhone 16 Pro Max assembl…
05.18.2023
Luxshare could see significant growth through 2023 and 2024 as Apple helps it build production lines in India while also offering it iPhone 16 Pro Max production.Luxshare getting help from
