![]() ![]() Hence, if you haven’t updated iTunes for Windows yet, you should do so immediately. ![]() The iTunes 12.12.9 update was quietly pushed out by Apple around May 23, with patches for two security problems that could allow apps to elevate privileges, addressing the “logic issue with improved checks.” The discovery of one of the two flaws was credited to Synopsys’ Shaikh, while the second was discovered by “ycdxsb” of unclear how far back this vulnerability goes, but it’s safe to say it likely encompasses all versions of iTunes 12 before the 12.12.9 fix. ![]() After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.” “The iTunes application creates a folder, SC Info, in the C:ProgramDataApple ComputeriTunes directory as a system user and gives full control over this directory to all users. The flaw was uncovered by Zeeshan Shaikh of the Synopsys Cybersecurity Research Center (CyRC), which published some details on the problem after Apple released iTunes 12.12.9 to patch the issue. iDrop News readers can get lifetime access to MS Office at 77% off the normal price.Get It Here Tired of Subscriptions? Get Microsoft Office Lifetime Access for Just $50Įven Microsoft tries to nudge you toward paying monthly for their Suite 365. ![]()
0 Comments
Leave a Reply. |