PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability
Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability.
Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.
iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.
The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.
All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.
Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.
Popular Stories
Apple today announced a "special Apple Experience" in New York, London, and Shanghai, taking place on March 4, 2026 at 9:00am ET.
Apple invited select members of the media to the event in three major cities around the world. It is simply described as a "special Apple Experience," and there is no further information about what it may entail. The invitation features a 3D Apple logo design...
Apple plans to release an iPhone 17e and an iPad Air with an M4 chip "in the coming weeks," according to the latest word from Bloomberg's Mark Gurman.
"Apple retail employees say that inventory of the iPhone 16e has basically dried out and the iPad Air is seeing shortages as well," said Gurman. "I've been expecting new versions of both (iPhone 17e and M4 iPad Air) in the coming weeks."...
Apple's upcoming iPhone 18 Pro and iPhone 18 Pro Max models "won't be a big update," according to Bloomberg's Mark Gurman.
In the latest edition of his "Power On" newsletter, Gurman said that the iPhone 18 Pro models will "represent minor tweaks from last year's iPhone 17 Pro and 17 Pro Max." He compared the upgrade to Apple's past practice of appending the letter "S" to its more minor...
While the iPhone 18 Pro and iPhone 18 Pro Max are still seven months away, an analyst has revealed five new features the devices will allegedly have.
Rumored color options for the iPhone 18 Pro models
In a research note with investment firm GF Securities on Thursday, analyst Jeff Pu outlined the following upgrades for the iPhone 18 Pro models:
Smaller Dynamic Island: It has been rumored...
Apple on Monday invited selected journalists and content creators to a "special Apple Experience" on Wednesday, March 4 in New York, London, and Shanghai.
At an Apple Experience, attendees are typically given the opportunity to try out Apple's latest hardware or software. Following the launch of Apple Creator Studio last month, for example, some content creators attended an Apple Experience...
