Apple releases iTunes update, fixes important vulnerabilities, reminds users to upgrade as soon as possible

News on June 2, Apple officials recently released a message that they will launch iTunes for Windows 10 and Windows 11 on May 23 Version 12.12.9 updated. The focus of this update is to fix an important privilege escalation vulnerability, and users are advised to install the update as soon as possible to ensure the security of their devices.

According to a press release issued on Apple’s official website, this privilege escalation vulnerability exists in the old version of iTunes for PC. Malware can use this vulnerability to escalate privileges and run on Windows 10 and Windows 10. 11 Malware installed on the device. The specific details of the vulnerability were confirmed by security firm Synopsys and were shared publicly in a recent vulnerability disclosure.

# According to the editor’s understanding, this vulnerability mainly involves the control of folder permissions in the PC version of iTunes. An attacker could exploit this vulnerability to create a folder redirection pointing to a Windows system directory to gain a higher-privileged system shell. The iTunes application will be stored in C:\ProgramData\Apple as the system user Create a folder named "SC Info" in the Computer\iTunes directory and grant full control of the folder to all users.

Users running the iTunes application can delete the "SC Info" folder and create a link to the Windows system folder. By forcing an MSI repair operation, "SC Info" folder will be recreated, allowing the attacker to gain Windows system-level access.

In September 2022, Synopsys security company first discovered the vulnerability and reported related issues to Apple . Apple confirmed the vulnerability in November last year and fixed it in an iTunes update in May this year. To ensure that devices are protected from potential threats, Apple wants users to install the latest version of iTunes, so this update was carried out .

Apple has always been committed to ensuring the security and privacy of users. They encourage users to update their software in a timely manner to enjoy the latest features and fix known vulnerabilities. They also recommend that users pay attention to security tips and recommendations from official channels. Avoid downloading and installing applications from unknown sources.

Although Apple has released updates to fix vulnerabilities, as users, we still need to remain vigilant and take security measures, including regularly updating software and installing reliable security protection software, and avoid clicking on suspicious links and downloading unverified apps to keep our devices and personal information safe.

The above is the detailed content of Apple releases iTunes update, fixes important vulnerabilities, reminds users to upgrade as soon as possible. For more information, please follow other related articles on the PHP Chinese website!