1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Apple iTunes has a serious security flaw you really should know a

    From TechnologyDaily@1337:1/100 to All on Fri Jun 2 19:00:03 2023
    Apple iTunes has a serious security flaw you really should know about

    Date:
    Fri, 02 Jun 2023 17:53:43 +0000

    Description:
    Hackers could use iTunes to create a system folder with high privileges, so make sure to patch up.

    FULL STORY ======================================================================

    A high-severity vulnerability has been discovered in Apple's iconic iTunes program that could allow threat actors to escalate privileges locally, essentially giving them the keys to the kingdom.

    Cybersecurity researchers from Synopsys outlined the flaw in the Windows version of the multimedia hub, explaining that the app creates a privileged folder with weak access controls.

    As a result, a threat actor (in this case, a regular user without any
    elevated privileges) can redirect this folder creation to the Windows system directory, and then use the folder to obtain a higher-privileged system
    shell. High severity iTunes flaw

    The iTunes application creates a folder, SC Info, in the C:\ProgramData\Apple Computer\iTunes directory as a system user and gives full control over this directory to all users, the researchers explained. After the installation,
    the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.

    The flaw is now tracked as CVE-2023-32353, affecting iTunes versions prior to 12.12.9. It has a severity score of 7.8 and is deemed high severity. Read
    more

    Apple just patched a pair of dangerous iOS and macOS security issues, so
    update now


    There's a major new security update for iOS and macOS, so update now


    Here's our list of the best firewalls today

    Apple has been hard at work lately remedying a number of high-severity vulnerabilities across its ecosystem.

    Microsoft recently reported finding a major bug in macOS, dubbed Migraine which could have allowed threat actors with root privileges to bypass System Integrity Protection, giving them the ability to install undeletable malware
    .

    Furthermore, the flaw allows threat actors to work around Transparency, Consent, and Control (TCC) feature, and access sensitive data. The bug has since been patched across the Apple ecosystem, with users told to apply the fix as soon as they can.

    Also, less than a month ago, the company announced fixing two zero-day vulnerabilities that were apparently being abused in the wild to target iPhone, Mac, and iPad endpoint users. The flaws enabled threat actors to take full control over the vulnerable devices, it was said. Stay protected online with these best endpoint security software



    ======================================================================
    Link to news story: https://www.techradar.com/news/apple-itunes-has-a-serious-security-flaw-you-re ally-should-know-about


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)