Apple iTunes app on Windows has a flaw that can put your personal and sensitive data at risk, here’s how you can fix it – Times of India
iTune for Windows reportedly has some bugs and vulnerabilities that’s compromising users safety and security. AppleInsider has repored that researchers have found some vulnerabilities in the Windows version of Apple iTunes that let’s hackers escalate system privileges.
iTunes vulnerability: What is it
According to the report, a security vulnerability has been found in the Windows version of iTunes by Synopsys Cybersecurity Research Center (CyRC) back in 2022. The vulnerability, when exploited can provider hackerrs local privilege escalation to get system-level access.
In simple words, hackers can use this vulnerability in iTune to gain users’ device permissions and access locally stored data. Once these privileges are provided, they can have the ability to open files, access security settings, change or delete data and more. If these access reaches administrative level, they can do a lot more like making changes to user accounts, install and delete new apps.
How it will affect users
Considering the vulnerability in iTune can let hackers access deep access to the system, it can put users’ data at risk along with sensitive data like address, bank information, OTP, etc can also be accessed by them. This can even let them access data stored on other computers connected to the same network.
Why this vulnerability exists
On Windows, iTunes creates a folder called SC Info which is supposed to be accessed only by iTunes. However, with the bug, the software is providing complete access to the folder to users and full authority as well. Also, this folder can’t be deleted as it creates a link and Windows then automatically recreates the folder again. This folder gives high-level access to Windows system.
How you can protect yourself
The research firm has revealed the vulnerability as CVE-2023-32353. Apple has already issued a patch for this bug in May. All users need to do is update the iTunes app on Windows with version 12.12.9 or newer.
iTunes vulnerability: What is it
According to the report, a security vulnerability has been found in the Windows version of iTunes by Synopsys Cybersecurity Research Center (CyRC) back in 2022. The vulnerability, when exploited can provider hackerrs local privilege escalation to get system-level access.
In simple words, hackers can use this vulnerability in iTune to gain users’ device permissions and access locally stored data. Once these privileges are provided, they can have the ability to open files, access security settings, change or delete data and more. If these access reaches administrative level, they can do a lot more like making changes to user accounts, install and delete new apps.
How it will affect users
Considering the vulnerability in iTune can let hackers access deep access to the system, it can put users’ data at risk along with sensitive data like address, bank information, OTP, etc can also be accessed by them. This can even let them access data stored on other computers connected to the same network.
Why this vulnerability exists
On Windows, iTunes creates a folder called SC Info which is supposed to be accessed only by iTunes. However, with the bug, the software is providing complete access to the folder to users and full authority as well. Also, this folder can’t be deleted as it creates a link and Windows then automatically recreates the folder again. This folder gives high-level access to Windows system.
How you can protect yourself
The research firm has revealed the vulnerability as CVE-2023-32353. Apple has already issued a patch for this bug in May. All users need to do is update the iTunes app on Windows with version 12.12.9 or newer.
window.TimesApps = window.TimesApps || {}; var TimesApps = window.TimesApps; TimesApps.toiPlusEvents = function(config) { var isConfigAvailable = "toiplus_site_settings" in f && "isFBCampaignActive" in f.toiplus_site_settings && "isGoogleCampaignActive" in f.toiplus_site_settings; var isPrimeUser = window.isPrime; if (isConfigAvailable && !isPrimeUser) { loadGtagEvents(f.toiplus_site_settings.isGoogleCampaignActive); loadFBEvents(f.toiplus_site_settings.isFBCampaignActive); } else { var JarvisUrl="https://jarvis.indiatimes.com/v1/feeds/toi_plus/site_settings/643526e21443833f0c454615?db_env=published"; window.getFromClient(JarvisUrl, function(config){ if (config) { loadGtagEvents(config?.isGoogleCampaignActive); loadFBEvents(config?.isFBCampaignActive); } }) } }; })( window, document, 'script', );
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
