Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability. Apple
Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability.


Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.

iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.
The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.
All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.

Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.
Related Forum: Mac Apps

This article, "PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability" first appeared on MacRumors.com

Discuss this article in our forums

original link


You may also be interested in this

macOS 13: Unleashing the …

In the ever-evolving landscape of technology, Apple has consistently been at the forefront of innovation. With the release of macOS 13, Apple takes another giant leap forward by fully embracing

Exploring visionOS for Ap…

Exploring iOS 17's second beta release and the first SDK for visionOS, plus finding the right accessories when traveling the globe, all on the AppleInsider podcast.Apple Vision ProThis week Apple

New Windows 11 Phone Link…

Windows 11 debuted "Phone Link," a feature that allows iPhone owners to view notifications on their Windows computers — but it may pose a significant safety risk.Setting up Phone LinkAnnounced

tvOS 16.5 & HomePod 1…

Apple has issued to the public updates to tvOS 16.5 and HomePod software version 16.5, in what is largely a performance and bug fix release.Apple TV 4KThe update follows a

iPhone sales propel Apple…

Apple earned $94.8 billion in revenue in its second quarter of 2023, with earnings buttressed by iPhone sales beating the expectations of analysts and investors.Apple CEO Tim CookAnnounced on Thursday

Daily deals: $729 Apple W…

Today's top bargains include discounts on Razer products, 11% off the iPad Air, and an $85 Apple Pencil Gen 2.Get an Apple Watch Ultra for $729. The AppleInsider team combs

WhatsApp adds iMessage-li…

WhatsApp is one of the most popular messaging apps on the planet. To help keep it that way, the app has to keep adding new features, and the latest is

Apple shares hit new all-…

In Nasdaq trading today, shares of Apple Inc. (AAPL) rose $4.38, or 2.31%, to $193.97, a new all-time closing high. Apple today also set a new all-time intraday high of
X

A whimsical homage to the days in black and white, celebrating the magic of Mac OS. Dress up your blog with retro, chunky-grade pixellated graphics to evoke some serious computer nostalgia. Supports a custom menu, custom header image, custom background, two footer widget areas, and a full-width page template. I updated Stuart Brown's 2011 masterpiece to meet the needs of the times, made it responsive , got dark mode, custom search widget and more.You can download it from tigaman.com, where you can also find more useful code snippets and plugins to get even more out of wordpress.