Famous Apple software has a severe security flaw.
Hackers can use this familiar program to create system folders with high privileges.
According to TechRadar, a critical vulnerability has been discovered in Apple's popular iTunes program, which could allow hackers to gain local system privileges to attack victims.
Cybersecurity researchers from Synopsys found a vulnerability in the Windows version of the program, explaining that iTunes created a folder with system privileges but was highly lax in controlling access. Therefore, bad actors can redirect the creation of this folder to the Windows system folder and then use the folder to gain higher privileges.
"The iTunes application creates a folder named SC Info, under the path C:\ProgramData\Apple Computer\iTunes as the system user, and gives full control of this folder to all users," the researchers explain.
After installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and have the folder recreated through the application's MSI repair function. The recreated folder can later be used to access the Windows system with full privileges.
The vulnerability is tracked as CVE-2023-32353 and affects iTunes versions before 12.12.9. It has a severity score of 7.8 and is considered "high severity."
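A read-only audit for the conditions described above, as an added example that is not code from Synopsys, Apple, or the original article: it reports whether the installed iTunes is older than 12.12.9, whether SC Info is a link, and whether broad groups hold full control of it. The function names and the registry lookup by DisplayName 'iTunes' are assumptions, and a Microsoft Store install may not appear in those keys.

```powershell
# Added example: read-only audit for the conditions behind CVE-2023-32353.
$FixedVersion = [version]'12.12.9'   # first fixed release, per the article
$ScInfo = Join-Path $env:ProgramData 'Apple Computer\iTunes\SC Info'
# Well-known SIDs for broad groups (independent of the Windows display language).
$BroadSids = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'Users' }

function Get-ITunesVersion {
    # Assumption: the desktop installer registers DisplayName 'iTunes' under Uninstall.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $v = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq 'iTunes' } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
    if ($v) { [version]$v }
}

function Test-ScInfoFolder {
    param([string]$Path = $ScInfo)
    $result = [ordered]@{ Path = $Path; Exists = $false; IsReparsePoint = $false; BroadFullControl = @() }
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $result.Exists = $true
        # A junction or symlink here means the folder has been redirected elsewhere.
        $result.IsReparsePoint = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
        $full = [Security.AccessControl.FileSystemRights]::FullControl
        $sidType = [Security.Principal.SecurityIdentifier]
        # Ask for explicit and inherited rules with identities expressed as SIDs.
        $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
        $result.BroadFullControl = @($rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $BroadSids.ContainsKey($_.IdentityReference.Value) -and
            ($_.FileSystemRights -band $full) -eq $full
        } | ForEach-Object { $BroadSids[$_.IdentityReference.Value] })
    }
    [pscustomobject]$result
}

$version = Get-ITunesVersion
$folder  = Test-ScInfoFolder
[pscustomobject]@{
    ITunesVersion     = $version
    BelowFixedVersion = [bool]($version -and $version -lt $FixedVersion)
    FolderExists      = $folder.Exists
    FolderIsLink      = $folder.IsReparsePoint
    BroadFullControl  = $folder.BroadFullControl -join ', '
}
```

A host that reports BelowFixedVersion as True should be updated to 12.12.9 or later; FolderIsLink as True means SC Info no longer points at an ordinary directory and the host warrants investigation.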
Recently, Apple has been working hard to fix severe vulnerabilities throughout its ecosystem. For example, Microsoft discovered a vulnerability called "Migraine" on macOS.
Less than a month ago, the company announced fixes for two zero-day vulnerabilities that appear to have been abused to attack iPhone, Mac, and iPad users. The vulnerabilities allow threat actors to take complete control of victims' devices.