Computer Security Blogs
CVE-2023-32353: Local privilege escalation via iTunes in Windows
Details have been disclosed about a new high-criticality vulnerability affecting Apple iTunes on Windows. It would allow an attacker who has access to a machine as a non-privileged user to escalate privileges to local administrator. The vulnerability is caused by incorrect permissions on one of the folders created during installation of the software: C:\ProgramData\Apple Computer\iTunes\SC Info. This folder is writable by any user, so an unprivileged user could delete it and create a symbolic link pointing to any system folder, such as c:\Windows. Subsequently, using the repair function of the [...]
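A defender can check a host for the condition described above by auditing the folder's ACL and confirming it has not been replaced by a link. The PowerShell below is an added example, not code from the original post or from Apple; the list of broad principals and the rights mask are assumptions chosen for this check.

```powershell
# Added example: audit the folder named in the post for weak ACEs and link replacement.
$Path = 'C:\ProgramData\Apple Computer\iTunes\SC Info'   # path as given in the post

# Well-known SIDs of broad, non-administrative groups (assumed selection for this check).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that let a principal modify, delete or re-permission the folder,
# plus the raw GENERIC_ALL / GENERIC_WRITE bits that can appear in inherit-only ACEs.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Test-FolderExposure {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $item = Get-Item -LiteralPath $LiteralPath -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        # Folder absent: nothing to audit on this host.
        return [pscustomobject]@{ Path = $LiteralPath; Exists = $false; IsReparsePoint = $false; WeakAces = @() }
    }

    # A reparse point here means the folder is a symbolic link or junction, not a plain directory.
    $isLink = [bool]($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint)

    # Resolve ACEs to SIDs so the match does not depend on localized group names.
    $acl   = Get-Acl -LiteralPath $LiteralPath
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $weak = foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        $hasWrite = (([int]$rule.FileSystemRights -band $WriteMask) -ne 0)
        if ($rule.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and $hasWrite) {
            [pscustomobject]@{
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }

    [pscustomobject]@{ Path = $LiteralPath; Exists = $true; IsReparsePoint = $isLink; WeakAces = @($weak) }
}

$result = Test-FolderExposure -LiteralPath $Path
$result | Format-List Path, Exists, IsReparsePoint
$result.WeakAces | Format-Table -AutoSize
```

Any entry in WeakAces, or IsReparsePoint reporting True, is worth investigating on a host where iTunes is installed.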