
PSA: Serious Windows iTunes vulnerability discovered, immediate update advised

A serious Windows iTunes security vulnerability has been revealed, affecting all versions prior to the latest update, released a week ago …

It worked in combination with other Windows vulnerabilities to turn a limited problem into a massive one.

The Synopsys Cybersecurity Research Centre (CyRC) has discovered a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows. It enables hackers who already have limited access to a system to escalate their user privileges to the highest possible access level.

All Apple iTunes versions prior to 12.12.9 are affected by this flaw, and the vulnerability has received a ‘high’ CVSS score (7.8) – CVSS, or Common Vulnerability Scoring System, ranks the severity of a vulnerability on a scale of 0 to 10.

Synopsys first discovered the security vulnerability in September of last year. Apple confirmed the findings in November, and started work on figuring out how to patch it. That was seemingly no easy task, as the company only did so in iTunes version 12.12.9, issued on May 23.

Now that the Windows iTunes vulnerability has been patched, Synopsys has disclosed its findings.

The application creates a privileged folder with weak access control. It is possible for a regular user to redirect this folder creation to the Windows system directory. This can then be leveraged to obtain a higher-privileged system shell.

The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows system-level access.
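For administrators who want to check whether a Windows host is still exposed, the following PowerShell audit script is an added example (it is not from the 9to5Mac article, Apple or Synopsys). It reads the installed iTunes version from the Uninstall registry keys and compares it with the 12.12.9 fix version named above, then inspects the SC Info folder from the article for the two conditions the advisory describes: an Allow entry granting Full Control to a broad principal (Everyone, Users or Authenticated Users), and the folder having been replaced by a reparse point (junction or symbolic link). The folder path and fix version are the ones stated in the article; the set of "broad" principals and the function names are assumptions of this example.

```powershell
# Added example (not from the article, Apple or Synopsys): audit a Windows host
# for the iTunes "SC Info" weak-ACL condition. Run from an elevated PowerShell.
# Assumptions: path and fixed version are the ones the article names; the list
# of broad principals below is this example's choice.

$ScInfoPath   = 'C:\ProgramData\Apple Computer\iTunes\SC Info'
$FixedVersion = [version]'12.12.9'

function Get-ITunesVersion {
    # Both native and WOW6432Node uninstall hives, since iTunes ships 32- and 64-bit builds
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq 'iTunes' -and $_.DisplayVersion } |
        ForEach-Object { [version]$_.DisplayVersion } |
        Sort-Object -Descending |
        Select-Object -First 1
}

function Get-BroadFullControlEntries {
    param([Parameter(Mandatory)][string]$Path)
    # Principals that effectively mean "any local user"; an Allow/FullControl ACE
    # for any of these is the weak access control the advisory describes.
    $broadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
    $acl = Get-Acl -LiteralPath $Path
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadPrincipals -contains $_.IdentityReference.Value -and
        $_.FileSystemRights.ToString() -match 'FullControl'
    }
}

function Test-IsReparsePoint {
    param([Parameter(Mandatory)][string]$Path)
    # A junction or symlink where a plain directory is expected is the redirect
    # primitive the advisory describes; legitimate installs create a real folder.
    $item = Get-Item -LiteralPath $Path -Force
    [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
}

function Invoke-ITunesScInfoAudit {
    $result = [ordered]@{
        InstalledVersion   = Get-ITunesVersion
        VersionIsPatched   = $null
        FolderExists       = Test-Path -LiteralPath $ScInfoPath
        FolderIsReparse    = $false
        BroadFullControl   = @()
    }
    if ($result.InstalledVersion) {
        $result.VersionIsPatched = $result.InstalledVersion -ge $FixedVersion
    }
    if ($result.FolderExists) {
        $result.FolderIsReparse  = Test-IsReparsePoint -Path $ScInfoPath
        $result.BroadFullControl = @(Get-BroadFullControlEntries -Path $ScInfoPath |
            ForEach-Object { $_.IdentityReference.Value })
    }
    # Anything true here warrants a closer look: unpatched build, redirected
    # folder, or the weak ACL still present after an upgrade.
    $result.Exposed = (-not $result.VersionIsPatched) -or
                      $result.FolderIsReparse -or
                      ($result.BroadFullControl.Count -gt 0)
    [pscustomobject]$result
}

Invoke-ITunesScInfoAudit | Format-List
```

The script only reads registry values, attributes and ACLs; it changes nothing. A host that reports `Exposed : True` because of `BroadFullControl` entries after the 12.12.9 update is worth checking manually, since an upgrade does not necessarily rewrite the ACL of a folder that already exists.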

Note that the issue is restricted to the Windows version of iTunes, with an immediate update strongly recommended. No action is required by Mac users.


Author: Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!
