PSA: If You Run Windows, Make Sure to Up…

06.02.2023
Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability. Apple

Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability.



Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.

iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.

The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.

All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.

Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.

Tags: iTunes, Windows
Related Forum: Mac Apps

This article, "PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability" first appeared on MacRumors.com

Discuss this article in our forums


You may also be interested in this

Here’s how many 9to5Mac r…

06.14.2023
Last Friday, we polled readers to ask how many planned to buy Vision Pro now that the product is real. Naturally, the 9to5Mac audience includes a few early adopters, so

Apple’s Find My enables s…

11.11.2024
Share Item Location helps users locate and recover misplaced items by securely sharing the location of an AirTag or Find My network accessory.

Apple shares hit new all-…

06.15.2023
In Nasdaq trading today, shares of Apple Inc. (AAPL) rose $2.06, or 1.12%, to $186.01, a new all-time closing high. Apple today also set a new all-time intraday high of

Gene Munster: AR/VR heads…

05.23.2023
Longtime Apple analyst Gene Munster believes the trend of more immersive consumer tech experiences will continue to grow in popularity, paving the way for a robust headset market. By 2030,

Apple shares second devel…

06.21.2023
Apple has started to distribute the second beta of watchOS 10, with developers provided a fresh build for the Apple Watch operating system.Developers can download the new watchOS betaDevelopers who

iOS 17 should copy this n…

05.15.2023
It’s been a while since WhatsApp added the option to ask for Face ID or Touch ID to unlock the app, so that other people using your phone can’t access

Apple wins Best of Show w…

05.24.2023
Apple is well-known for creating some of the most compelling ads whether that’s for a new product or social missions like accessibility. Now a recent global advertising awards program reiterates

Apple Updates Firmware Ac…

11.15.2025
New firmware versions for AirPods Pro 2 (Lightning and USB-C), AirPods Pro 3, and AirPods 4 have been… The post Apple Updates Firmware Across AirPods 4, Pro 2, and Pro

Popular Posts

Click it!

Search

ipinfo.io

user online122
your visit count
your ID
cityBudapest
postal1007
regionBudapest
countryHU
timezoneEurope/Budapest
loc47.4984, 19.0404
orgAS62214 Rackforest Zrt.
hostr195.synch.hu
OSUnknown Operating System
IP185.80.49.195
languageipinfo.io error
browser ↓
WP Fastest Cache Preload Bot

support me with your mouse

findip.net

user online122
your visit count
your ID
cityBudapest (XI. kerület)
continentEU
countryHungary
system62214
providerRackForest
Time ZoneEurope/Budapest
Weather CodeHUXX0002
Subdivision NameBudapest
loc47.4505,19.0334
orgRackforest Zrt.
connectionCorporate
OSUnknown Operating System
IP185.80.49.195
connectionCorporate
browser ↓
WP Fastest Cache Preload Bot

Recent

X

A whimsical homage to the days in black and white, celebrating the magic of Mac OS. Dress up your blog with retro, chunky-grade pixellated graphics to evoke some serious computer nostalgia. Supports a custom menu, custom header image, custom background, two footer widget areas, and a full-width page template. I updated Stuart Brown's 2011 masterpiece to meet the needs of the times, made it responsive , got dark mode, custom search widget and more.You can download it from tigaman.com, where you can also find more useful code snippets and plugins to get even more out of wordpress.