PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability

by

Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability.

itunes for windows
Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.

iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.

The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.

All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.

Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.

Tags: iTunes, Windows
Related Forum: Mac Apps

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Production Will Reportedly Begin Ramping Up in October

Tuesday July 23, 2024 2:00 pm PDT by
Following nearly two years of rumors about a fourth-generation iPhone SE, The Information today reported that Apple suppliers are finally planning to begin ramping up mass production of the device in October of this year. If accurate, that timeframe would mean that the next iPhone SE would not be announced alongside the iPhone 16 series in September, as expected. Instead, the report...
Read Full Article68 comments
iPhone 17 Plus Feature

iPhone 17 Lineup Specs Detail Display Upgrade and New High-End Model

Monday July 22, 2024 4:33 am PDT by
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
Read Full Article160 comments
Generic iPhone 17 Feature With Full Width Dynamic Island

Kuo: Ultra-Thin iPhone 17 to Feature A19 Chip, Single Rear Camera, Semi-Titanium Frame, and More

Wednesday July 24, 2024 9:06 am PDT by
Apple supply chain analyst Ming-Chi Kuo today shared alleged specifications for a new ultra-thin iPhone 17 model rumored to launch next year. Kuo expects the device to be equipped with a 6.6-inch display with a current-size Dynamic Island, a standard A19 chip rather than an A19 Pro chip, a single rear camera, and an Apple-designed 5G chip. He also expects the device to have a...
Read Full Article162 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Less Than Two Months Away: Everything We Know

Thursday July 25, 2024 5:43 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article130 comments
icloud private relay outage

iCloud Private Relay Experiencing Outage

Thursday July 25, 2024 3:18 pm PDT by
Apple’s iCloud Private Relay service is down for some users, according to Apple’s System Status page. Apple says that the iCloud Private Relay service may be slow or unavailable. The outage started at 2:34 p.m. Eastern Time, but it does not appear to be affecting all iCloud users. Some impacted users are unable to browse the web without turning iCloud Private Relay off, while others are...
Read Full Article82 comments

Top Rated Comments

HobeSoundDarryl Avatar
HobeSoundDarryl
15 months ago

I wonder how many iTunes users there still are. Especially on windows.
PC is a farrrrrrrrrrrrrrrrrrrr larger world than the bubble in which we Mac people play. Pay attention and you'll see DOS apps still running in relatively important settings- like hospitals. DOS! I just bumped into it in dominant use with a not-poor client only 3 years ago.

I would wild guess- and it is just that as I have no data to support it- there is more-to-far-more active iTunes users than Mac owners. :eek:

Here's a surprising(?) PCmag quote ('https://www.pcmag.com/news/apple-itunes-lives-on-for-windows-pc-users') from only 4 years ago...


Microsoft currently lists the Windows version of iTunes as the most popular app on its digital store, putting it ahead of Netflix and Spotify.
I clicked a link into the store to see where it ranks now ('https://www.microsoft.com/en-us/store/most-popular/apps/pc'). It's #2, right behind WhatsApp and still ahead of Netflix and Spotify.
Score: 13 Votes (Like | Disagree)
jacobgkau Avatar
jacobgkau
15 months ago

Don’t you love it when some companies tell you how to hack into others systems?

/s
I can't tell which part of your comment the sarcasm tag applies to, but the security researchers communicated the issue to Apple privately nine months ago, and waited over a week after the fix was published to disclose the issue publicly. This was a completely responsible disclosure on the researchers' part.
Score: 8 Votes (Like | Disagree)
MrMojo1 Avatar
MrMojo1
15 months ago

I wonder how many iTunes users there still are. Especially on windows.
Why do Apple users continually assume that Windows users don't own any Apple products like an iPhone?
There are lots of iPhone owners who are PC users not Mac users. Also, Windows are [still] used in many parts of the world, more than Macs, esp. in corporate settings.
Score: 8 Votes (Like | Disagree)
MrRom92 Avatar
MrRom92
15 months ago

Me too. And I have the bug that iTunes (also when syncing with Apple Music / Finder) syncs over all songs, including the ones that are already on my iPhone. Major PIA, major bug, for over 13 years now.

https://superuser.com/questions/33641/itunes-syncs-the-same-handful-of-songs-on-every-sync
https://discussions.apple.com/thread/7668361
The most ideal thing would be if apple completely did away with “syncing” or any sort of library management. Just put a folder on the device we can drag and drop any files we want to using the normal windows explorer and the songs should just show up when we open the Music app. Would resolve many, many problems with the way they’ve implemented things. And this is basically how any other personal media player functioned for the last 25 years.
Score: 7 Votes (Like | Disagree)
vertsix Avatar
vertsix
15 months ago

I wonder how many iTunes users there still are. Especially on windows.
Right here.

Still sync 23,000 songs and counting to my 1TB 13 Pro Max.
Score: 6 Votes (Like | Disagree)
Jmausmuc Avatar
Jmausmuc
15 months ago
I wonder how many iTunes users there still are. Especially on windows.
Score: 4 Votes (Like | Disagree)
Read All Comments