A high-severity vulnerability has been discovered in Apple's iconic iTunes program that could allow threat actors to escalate privileges locally, essentially giving them the keys to the kingdom.
Cybersecurity researchers from Synopsys outlined the flaw in the Windows version of the multimedia hub, explaining that the app creates a privileged folder with weak access controls.
As a result, a threat actor (in this case, a regular user without any elevated privileges) can redirect this folder creation to the Windows system directory, and then use the folder to obtain a higher-privileged system shell.
High severity iTunes flaw
“The iTunes application creates a folder, SC Info, in the C:ProgramDataApple ComputeriTunes directory as a system user and gives full control over this directory to all users,” the researchers explained. “After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.”
The flaw is now tracked as CVE-2023-32353, affecting iTunes versions prior to 12.12.9. It has a severity score of 7.8 and is deemed “high severity”.
Apple has been hard at work lately remedying a number of high-severity vulnerabilities across its ecosystem.
Microsoft recently reported finding a major bug in macOS, dubbed Migraine which could have allowed threat actors with root privileges to bypass System Integrity Protection, giving them the ability to install “undeletable” malware.
Furthermore, the flaw allows threat actors to work around Transparency, Consent, and Control (TCC) feature, and access sensitive data. The bug has since been patched across the Apple ecosystem, with users told to apply the fix as soon as they can.
Also, less than a month ago, the company announced fixing two zero-day vulnerabilities that were apparently being abused in the wild to target iPhone, Mac, and iPad endpoint users. The flaws enabled threat actors to take full control over the vulnerable devices, it was said.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba