06.02.2023
Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability. Apple
Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.
iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.
The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.
Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.
Related Forum: Mac Apps
This article, "PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability" first appeared on MacRumors.com
Discuss this article in our forums
You may also be interested in this
Apple urges UK to rethink…
06.27.2023
Apple has denounced the UK's Online Safety Bill's kneecapping of end-to-end encryption as a "serious threat" to citizens, and is trying to make the UK government think twice about the
Hands-on: iOS 17 adds int…
06.12.2023
One of the big changes in iOS 17 is support for interactive widgets, a major improvement compared to the initial version of widgets that debuted with iOS 14. In line
Apple will reportedly lau…
05.09.2023
Macworld The iPhone 15 is still months away and we’re already getting rumors about the iPhone 16. And there’s a reason to be excited: Apple might introduce new screen sizes
Apple seeds first develop…
05.19.2023
Apple has released the first developer betas for watchOS 9.6 and tvOS 16.6, following the end of the previous beta cycle.Apple releases new betas for Apple Watch, Apple TV, and
WWDC23 hashflag is live o…
05.31.2023
We’re only a few days away from WWDC 2023, which kicks off on June 5 with a grand opening keynote. As the company prepares for the event, it has launched
Lawsuit that claims Apple…
06.09.2023
A U.S. district judge has ruled that Apple and Amazon must face a class-action lawsuit that alleges the companies worked together to artificially inflate the price of iPhones and iPads
Lowest price ever: 1TB Ma…
04.21.2023
Save $600 on the M1 Pro MacBook Pro 14-inch with a bump up to 1TB of storage. Plus, get $70 off three years of AppleCare with coupon.Get a 1TB MacBook
Download this colorful ge…
05.08.2023
Arriving after his beautiful Apple x Van Gogh wallpapers, Basic Apple Guy has launched a slick geometric iPhone, iPad, and Mac wallpaper for spring. Head below for all the details
