Researchers have found a failure in the version of itunes for the Windows which allows access to different types of privileges in the operating system. The authors of the discovery are from Synopsys Cybersecurity Research Center (CyRC) and they mentioned a weakness in the software that can even lead to manipulation of the data. This happens because the program creates a folder in Windows called “SC Info“. Although only the system has access to this folder, all users of the computer can have access and complete control over the item. Thus, it provides a high number of administrator privileges.

If this folder is deleted and has a link created by the user with reference to it for Windows, this ends up forcing the system to try to repair the process and with that, recreates the folder. In this way, the new item created generates access with elevated privileges within the software. This vulnerability allows someone who does not have elevated permissions to gain access to a higher level of privileges. That is, malicious users can obtain sensitive data, as well as modify or even delete information that they would not normally be able to view.




