Apple iTunes is a digital media program that serves as a music player, media library and mobile device management utility. It can also connect to the Internet and access the iTunes Store, where digital downloads of music videos, songs, iPod games, audio books, e-books, feature-length films, TV shows, podcasts and ringtones can be purchased and downloaded. Originally developed in 2001 as a simple music player for Apple’s iPod line of portable media players, the program has since matured into a full-fledged software application capable of so much more.
A high-severity vulnerability has been discovered in the Windows version of Apple iTunes that would allow menace actors to escalate privileges regionally — basically giving them the keys to the kingdom. The flaw was discovered by researchers from Synopsys Cybersecurity Research Center, who say that the iTunes software creates a privileged folder with weak access control. A threat actor could use the file to redirect this folder creation into the Windows system directory and then leverage it to acquire a higher-privileged system shell.
This vulnerability affects any device running a version of the iTunes app that is older than version 11.4.3. Apple has released an update for the program, which it recommends all users apply as soon as possible. The company has also warned Mac and iOS users of the dangers involved in using the affected apps.
The flaw is believed to have been exploited by commercial spyware companies in malware campaigns that target iPhones and iPads to gather user information. In particular, the vulnerabilities have been used in tools from Israel-based NSO Group, which is known for developing surveillance apps that can steal files from the phones of targeted individuals and send them to attackers.
Although the latest updates for iPhones and iPads contain the fixes to these new security risks, this is a reminder of just how important it is to keep your devices and software up-to-date. For the best security and performance, you should always apply software updates as soon as they become available.
Apple’s latest announcement is a bit of a shock for loyal iTunes users. The 18-year-old digital media program is being axed and will be replaced by Apple Music, a subscription-based streaming service. It’s a change that will probably leave many wondering: what will happen to all my tunes? For now, all you need to do is follow this guide.