A serious Windows iTunes security vulnerability has been revealed, affecting all versions prior to the latest update, released a week ago … The The post PSA: Serious Windows iTunes vulnerability discovered, immediate update advised appeared first on 9to5Mac.

A serious Windows iTunes security vulnerability has been revealed, affecting all versions prior to the latest update, released a week ago … The The post PSA: Serious Windows iTunes vulnerability discovered, immediate update advised appeared first on 9to5Mac.

Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability. Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked. iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.The iTunes application creates a folder, SC…

Researchers have found a vulnerability in iTunes for Windows that lets users escalate system privileges, and Windows users should update the app.iTunes on Windows has a security flawIn late 2022, the Synopsys Cybersecurity Research Center (CyRC) discovered a security vulnerability within the Windows version of the iTunes app. Exploiting it can lead to local privilege escalation to achieve system-level privileges. Read more...

Researchers have found a vulnerability in iTunes for Windows that lets users escalate system privileges, and Windows users should update the app.iTunes on Windows has a security flawIn late 2022, the Synopsys Cybersecurity Research Center (CyRC) discovered a security vulnerability within the Windows version of the iTunes app. Exploiting it can lead to local privilege escalation to achieve system-level privileges. Read more...

Macworld Microsoft has released details on a security vulnerability that the company discovered in macOS Ventura. The vulnerability, which Microsoft dubbed “Migraine,” involved Apple’s Migration Assistant and allows a hacker to get by macOS’s System Integrity Protection and get access to the data on the Mac. In a blog post, Microsoft provides the technical details on how Migraine works. Apple’s SIP provides security for macOS to stop unauthorized root access, but the Migration Assistant app has a privilege that allows it to have unrestricted root access. Microsoft created a modified version of Migration Assistant that takes advantage of this exploit, but the modified app had to be used while the Mac’s Setup Assistant is in debug mode. Microsoft’s researchers were…