Apple iTunes app on Windows has a flaw that can put your personal and sensitive data at risk, here’s how you can fix it – Times of India
iTunes vulnerability: What is it
According to the report, a security vulnerability has been found in the Windows version of iTunes by Synopsys Cybersecurity Research Center (CyRC) back in 2022. The vulnerability, when exploited can provider hackerrs local privilege escalation to get system-level access.
In simple words, hackers can use this vulnerability in iTune to gain users’ device permissions and access locally stored data. Once these privileges are provided, they can have the ability to open files, access security settings, change or delete data and more. If these access reaches administrative level, they can do a lot more like making changes to user accounts, install and delete new apps.
How it will affect users
Considering the vulnerability in iTune can let hackers access deep access to the system, it can put users’ data at risk along with sensitive data like address, bank information, OTP, etc can also be accessed by them. This can even let them access data stored on other computers connected to the same network.
Why this vulnerability exists
On Windows, iTunes creates a folder called SC Info which is supposed to be accessed only by iTunes. However, with the bug, the software is providing complete access to the folder to users and full authority as well. Also, this folder can’t be deleted as it creates a link and Windows then automatically recreates the folder again. This folder gives high-level access to Windows system.
How you can protect yourself
The research firm has revealed the vulnerability as CVE-2023-32353. Apple has already issued a patch for this bug in May. All users need to do is update the iTunes app on Windows with version 12.12.9 or newer.
function loadGtagEvents(isGoogleCampaignActive) { if (!isGoogleCampaignActive) { return; } var id = document.getElementById('toi-plus-google-campaign'); if (id) { return; } (function(f, b, e, v, n, t, s) { t = b.createElement(e); t.async = !0; t.defer = !0; t.src = v; t.id = 'toi-plus-google-campaign'; s = b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t, s); })(f, b, e, 'https://www.googletagmanager.com/gtag/js?id=AW-877820074', n, t, s); };
window.TimesApps = window.TimesApps || {}; var TimesApps = window.TimesApps; TimesApps.toiPlusEvents = function(config) { var isConfigAvailable = "toiplus_site_settings" in f && "isFBCampaignActive" in f.toiplus_site_settings && "isGoogleCampaignActive" in f.toiplus_site_settings; var isPrimeUser = window.isPrime; if (isConfigAvailable && !isPrimeUser) { loadGtagEvents(f.toiplus_site_settings.isGoogleCampaignActive); loadFBEvents(f.toiplus_site_settings.isFBCampaignActive); } else { var JarvisUrl="https://jarvis.indiatimes.com/v1/feeds/toi_plus/site_settings/643526e21443833f0c454615?db_env=published"; window.getFromClient(JarvisUrl, function(config){ if (config) { loadGtagEvents(config?.isGoogleCampaignActive); loadFBEvents(config?.isFBCampaignActive); } }) } }; })( window, document, 'script', );
For all the latest Technology News Click Here
