PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability

by

Windows users will want to make sure that they are running the latest version of iTunes, iTunes 12.12.9, in order to gain protection from a recently uncovered security vulnerability.

itunes for windows
Apple released iTunes 12.12.9 on May 23, and it fixes an issue that could allow malicious apps to gain elevated privileges to install malware on a Windows machine. While the vulnerability was addressed last week, Synopsys, the security company that discovered the problem, today shared some details on how it worked.

iTunes had a privileged folder with weak access control, allowing a malicious person to redirect the folder creation to the Windows system directory, which could then be used to obtain a higher-privileged system shell.

The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.

All versions of iTunes prior to 12.12.9 are impacted by this vulnerability, and so iTunes users who are running older versions of the software should make sure to update.

Synopsys first discovered the problem in September 2022, and told Apple about it at that point. Apple confirmed the vulnerability in November, and then patched it in May. Apple did not say that this exploit was known to have been used in the wild so it is not as critical as some other vulnerabilities, but it is still a good idea to install the latest version of iTunes right away.

Tags: iTunes, Windows
Related Forum: Mac Apps

Top Rated Comments

HobeSoundDarryl Avatar
HobeSoundDarryl
12 months ago

I wonder how many iTunes users there still are. Especially on windows.
PC is a farrrrrrrrrrrrrrrrrrrr larger world than the bubble in which we Mac people play. Pay attention and you'll see DOS apps still running in relatively important settings- like hospitals. DOS! I just bumped into it in dominant use with a not-poor client only 3 years ago.

I would wild guess- and it is just that as I have no data to support it- there is more-to-far-more active iTunes users than Mac owners. :eek:

Here's a surprising(?) PCmag quote ('https://www.pcmag.com/news/apple-itunes-lives-on-for-windows-pc-users') from only 4 years ago...


Microsoft currently lists the Windows version of iTunes as the most popular app on its digital store, putting it ahead of Netflix and Spotify.
I clicked a link into the store to see where it ranks now ('https://www.microsoft.com/en-us/store/most-popular/apps/pc'). It's #2, right behind WhatsApp and still ahead of Netflix and Spotify.
Score: 13 Votes (Like | Disagree)
jacobgkau Avatar
jacobgkau
12 months ago

Don’t you love it when some companies tell you how to hack into others systems?

/s
I can't tell which part of your comment the sarcasm tag applies to, but the security researchers communicated the issue to Apple privately nine months ago, and waited over a week after the fix was published to disclose the issue publicly. This was a completely responsible disclosure on the researchers' part.
Score: 8 Votes (Like | Disagree)
MrMojo1 Avatar
MrMojo1
12 months ago

I wonder how many iTunes users there still are. Especially on windows.
Why do Apple users continually assume that Windows users don't own any Apple products like an iPhone?
There are lots of iPhone owners who are PC users not Mac users. Also, Windows are [still] used in many parts of the world, more than Macs, esp. in corporate settings.
Score: 8 Votes (Like | Disagree)
MrRom92 Avatar
MrRom92
12 months ago

Me too. And I have the bug that iTunes (also when syncing with Apple Music / Finder) syncs over all songs, including the ones that are already on my iPhone. Major PIA, major bug, for over 13 years now.

https://superuser.com/questions/33641/itunes-syncs-the-same-handful-of-songs-on-every-sync
https://discussions.apple.com/thread/7668361
The most ideal thing would be if apple completely did away with “syncing” or any sort of library management. Just put a folder on the device we can drag and drop any files we want to using the normal windows explorer and the songs should just show up when we open the Music app. Would resolve many, many problems with the way they’ve implemented things. And this is basically how any other personal media player functioned for the last 25 years.
Score: 7 Votes (Like | Disagree)
vertsix Avatar
vertsix
12 months ago

I wonder how many iTunes users there still are. Especially on windows.
Right here.

Still sync 23,000 songs and counting to my 1TB 13 Pro Max.
Score: 6 Votes (Like | Disagree)
Jmausmuc Avatar
Jmausmuc
12 months ago
I wonder how many iTunes users there still are. Especially on windows.
Score: 4 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 18 Siri Integrated Feature

iOS 18 Will Add These New Features to Your iPhone

Friday April 12, 2024 11:11 am PDT by
iOS 18 is expected to be the "biggest" update in the iPhone's history. Below, we recap rumored features and changes for the iPhone. iOS 18 is rumored to include new generative AI features for Siri and many apps, and Apple plans to add RCS support to the Messages app for an improved texting experience between iPhones and Android devices. The update is also expected to introduce a more...
Read Full Article
iOS NES Emulator Bimmy Feature

NES Emulator for iPhone and iPad Now Available on App Store [Removed]

Tuesday April 16, 2024 11:33 am PDT by
The first approved Nintendo Entertainment System (NES) emulator for the iPhone and iPad was made available on the App Store today following Apple's rule change. The emulator is called Bimmy, and it was developed by Tom Salvo. On the App Store, Bimmy is described as a tool for testing and playing public domain/"homebrew" games created for the NES, but the app allows you to load ROMs for any...
Read Full Article224 comments
iGBA Feature

Apple Removes Game Boy Emulator iGBA From App Store Due to Spam and Copyright Violations

Sunday April 14, 2024 9:22 pm PDT by
Apple today said it removed Game Boy emulator iGBA from the App Store for violating the company's App Review Guidelines related to spam (section 4.3) and copyright (section 5.2), but it did not provide any specific details. iGBA was a copycat version of developer Riley Testut's open-source GBA4iOS app. The emulator rose to the top of the App Store charts following its release this weekend,...
Read Full Article135 comments
Delta Feature

Delta Game Emulator Now Available From App Store on iPhone

Wednesday April 17, 2024 9:58 am PDT by
Game emulator apps have come and gone since Apple announced App Store support for them on April 5, but now popular game emulator Delta from developer Riley Testut is available for download. Testut is known as the developer behind GBA4iOS, an open-source emulator that was available for a brief time more than a decade ago. GBA4iOS led to Delta, an emulator that has been available outside of...
Read Full Article138 comments
iPhone 15 Pro Action Button Translate

All iPhone 16 Models to Feature Action Button, But Usefulness Debated

Tuesday April 16, 2024 6:54 am PDT by
Last September, Apple's iPhone 15 Pro models debuted with a new customizable Action button, offering faster access to a handful of functions, as well as the ability to assign Shortcuts. Apple is poised to include the feature on all upcoming iPhone 16 models, so we asked iPhone 15 Pro users what their experience has been with the additional button so far. The Action button replaces the switch ...
Read Full Article101 comments
iGBA Feature

Game Boy Emulator for iPhone Now Available in App Store Following Rule Change [Removed]

Sunday April 14, 2024 8:06 am PDT by
A week after Apple updated its App Review Guidelines to permit retro game console emulators, a Game Boy emulator for the iPhone called iGBA has appeared in the App Store worldwide. The emulator is already one of the top free apps on the App Store charts. It was not entirely clear if Apple would allow emulators to work with all and any games, but iGBA is able to load any Game Boy ROMs that...
Read Full Article106 comments