A high-severity vulnerability has been discovered in Apple’s iconic iTunes program that could allow threat actors to locally escalate privileges, essentially giving them the keys to the kingdom.
Cybersecurity researchers from Synopsys outlined the flaw in the Windows version of the multimedia application, explaining that the application creates a privileged folder with weak access controls.
Thus, a threat actor (in this case, a regular user without any elevated privileges) can redirect this folder creation to the Windows system directory, and then use the folder to gain a higher-privileged system shell.
High-Severity iTunes Vulnerabilities
“The iTunes application creates a folder called SC Info in the C:\ProgramData\Apple Computer\iTunes directory as the system user and grants full control to this directory to all users,” the researchers explained. “After installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows SYSTEM folder, and recreate the folder with a forced MSI repair, which can later be used to gain Windows SYSTEM level access.”
The vulnerability is now tracked as CVE-2023-32353 and affects versions of iTunes prior to 12.12.9. It has a severity score of 7.8 and is considered “high severity.”
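An audit check for the condition the researchers describe, added here as an example and not taken from Apple or Synopsys: it reports whether the SC Info folder is a reparse point and whether broad user groups hold write-capable rights on it. The default path is the one quoted above; the SID list and the rights mask are assumptions chosen for this illustration.

```powershell
# Added audit example; not Apple's or Synopsys's code.
# Default path is the folder named in the researchers' description.
param(
    [string]$Path = 'C:\ProgramData\Apple Computer\iTunes\SC Info'
)

# Well-known SIDs for groups that include ordinary, unprivileged users (assumed list).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that let a principal replace, delete or re-permission the folder.
# 0x50000000 adds GENERIC_ALL and GENERIC_WRITE, which can appear raw on inherit-only ACEs.
$RiskyMask = ([int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership') -bor 0x50000000

$item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
if (-not $item) {
    Write-Output "Not present: $Path"
    return
}

# A junction or symlink at this path means the folder points somewhere else.
if (($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0) {
    Write-Warning "Reparse point ($($item.LinkType)) -> $($item.Target)"
}

# Request SIDs directly so the check does not depend on localized group names.
$acl   = Get-Acl -LiteralPath $Path
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$weak = foreach ($ace in $rules) {
    $sid = $ace.IdentityReference.Value
    if ($ace.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and
        ([int]$ace.FileSystemRights -band $RiskyMask)) {
        [pscustomobject]@{ Principal = $BroadSids[$sid]; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
    }
}

if ($weak) {
    Write-Warning "Unprivileged principals can modify or replace $Path"
    $weak | Format-Table -AutoSize
} else {
    Write-Output "No write-capable ACE for broad user groups on $Path"
}
```

A warning from this check matters most on hosts still running an iTunes version prior to 12.12.9, the affected range stated above.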
Apple has recently been working hard to fix a number of high-severity vulnerabilities in its ecosystem.
Microsoft recently reported the discovery of a major vulnerability in macOS called Migraine that could allow threat actors with root privileges to bypass System Integrity Protection, allowing them to install “unremovable” malware.
Additionally, the vulnerability allows threat actors to bypass Transparency, Consent, and Control (TCC) functionality and gain access to sensitive data. The bug has been patched across the Apple ecosystem, and users are being told to apply the fix as soon as possible.
Additionally, less than a month ago, the company announced fixes for two zero-day vulnerabilities that were apparently being abused to target users of iPhone, Mac, and iPad endpoints. These flaws are said to allow threat actors to take full control over vulnerable devices.