Update iTunes on Windows Now to Fix a Security Flaw

Gandalf_The_Grey

Apple is working on new Music, TV, and Devices apps to replace the antiquated iTunes for Windows, but in the meantime, you should make sure iTunes is up to date on your PC. A new security flaw can do serious damage if you don’t have the latest version.

Apple has released iTunes 12.12.9 for Windows, which contains fixes for two reported security vulnerabilities. The first, CVE-2023-32353, allowed other software to achieve a privileged system shell using a folder that iTunes creates during the installation process. The flaw was discovered by a security consultant at Synopsys.

Synopsys said in a blog post, “the iTunes application creates a folder, SC Info, in the [iTunes directory] as a system user and gives full control over this directory to all users. After the installation, the first user to run the iTunes application can delete the SC Info folder, create a link to the Windows system folder, and re-create the folder by forcing an MSI repair, which can be later used to gain Windows SYSTEM level access.”

The iTunes update also includes a patch for CVE-2023-32351, a separate issue that also allowed other software to gain elevated privileges through iTunes. It’s not clear if either vulnerability has been used in the wild so far.

iTunes 12.12.9 is available to download from Apple’s website and the Microsoft Store. It requires Windows 10 or later — support for Windows 8, 7, and earlier versions ended a while ago.
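A defender-side audit for the condition Synopsys describes, as an added example that is not part of the original post and is not Apple's or Synopsys's code: it reports whether the installed iTunes is older than 12.12.9 and whether the SC Info folder is a link or grants full control to broad groups. The `-ITunesDir` parameter, the registry lookup for the version, and the set of SIDs treated as "all users" are assumptions of this sketch; the post does not give the directory path.

```powershell
param(
    # Assumption: the post elides the iTunes directory, so the caller passes it in.
    [Parameter(Mandatory)] [string] $ITunesDir
)

$fixedVersion = [version]'12.12.9'   # fixed release named in the post
# Well-known SIDs treated here as "all users" (this script's interpretation).
$broadSids = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'BUILTIN\Users' }

# Installed version from the classic uninstall entries (Store installs are not listed here).
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$entry = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq 'iTunes' } | Select-Object -First 1
$installed = if ($entry) { [version]$entry.DisplayVersion } else { $null }

$scInfo = Join-Path $ITunesDir 'SC Info'
$isLink = $false
$broadFullControl = @()
if (Test-Path -LiteralPath $scInfo) {
    $item = Get-Item -LiteralPath $scInfo -Force
    # A reparse point here means the folder is a link rather than a plain directory.
    $isLink = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)

    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    # Ask for rules keyed by SID so the check does not depend on localized group names.
    $rules = (Get-Acl -LiteralPath $scInfo).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
            ($rule.FileSystemRights -band $full) -eq $full) {
            $broadFullControl += $broadSids[$sid]
        }
    }
}

[pscustomobject]@{
    InstalledVersion   = $installed
    NeedsUpdate        = ($null -ne $installed -and $installed -lt $fixedVersion)
    ScInfoPath         = $scInfo
    ScInfoExists       = (Test-Path -LiteralPath $scInfo)
    ScInfoIsLink       = $isLink
    FullControlGranted = ($broadFullControl -join ', ')
}
```

A host where `NeedsUpdate` is true, or where `ScInfoIsLink` is true at any version, is one to look at first.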