November 11: TechRadar Pro wrongly attributed the vulnerability research to Cyfirma.
This has now been corrected.
A security vulnerability affecting users of iTunes on Windows systems has been discovered by security researcher Mbog14.
Attackers can exploit the CVE-2024-44193 vulnerability by manipulating the files within the C:\ProgramData\Apple\Lockdown directory.
They can then exploit NTFS junctions, which redirect file deletions to critical system areas.
These actions culminate in the deletion of essential system files, giving the attacker administrative access.
Organizations are urged to update iTunes to version 12.13.3 or later to mitigate the risk.
The impact of this vulnerability is severe, as it grants attackers administrative-level access to the targeted system.
However, its potential for widespread use remains high due to the low complexity of the attack.
CVE-2024-44193 affects iTunes for Windows globally, impacting a variety of industries that rely on Windows-based systems.
Additionally, organizations handling sensitive data or operating in high-risk environments may face increased exposure to attacks.
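
For administrators checking a Windows host against the points above, the following PowerShell audit is an added example, not code from the article, the researcher or Apple. It compares the installed iTunes version with 12.13.3 and lists any junctions or other links under the Lockdown directory. It assumes iTunes was installed with the desktop installer and is registered under the standard Uninstall registry keys; the function names are hypothetical.

```powershell
# Added audit example; not from the article or from Apple.
$FixedVersion = [version]'12.13.3'                # fixed release named in the article
$LockdownDir  = 'C:\ProgramData\Apple\Lockdown'   # directory named in the article

function Get-ITunesInstall {
    # Assumption: iTunes is registered under the standard Uninstall keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq 'iTunes' -and $_.DisplayVersion } |
        ForEach-Object {
            # An unparsable version string yields $null and is reported as unpatched.
            $v = $_.DisplayVersion -as [version]
            [pscustomobject]@{ Version = $v; Patched = ($v -ge $FixedVersion) }
        }
}

function Find-ReparsePoint {
    param([string]$Path)
    # Walk the tree by hand and never descend into a link, so the audit
    # itself cannot be redirected outside the directory being inspected.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return }
    if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
        [pscustomobject]@{
            Path     = $item.FullName
            LinkType = $item.LinkType
            Target   = ($item.Target -join ', ')
        }
        return
    }
    if ($item.PSIsContainer) {
        Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Find-ReparsePoint -Path $_.FullName }
    }
}

$installs = @(Get-ITunesInstall)
if (-not $installs) { 'iTunes not found in the Uninstall registry keys' }
foreach ($i in $installs) {
    $state = if ($i.Patched) { 'OK' } else { 'UPDATE NEEDED' }
    '{0}: iTunes {1} (fixed in {2})' -f $state, $i.Version, $FixedVersion
}

$links = @(Find-ReparsePoint -Path $LockdownDir)
if ($links) { 'Links found under the Lockdown directory:'; $links | Format-List }
else        { "No junctions or other links found under $LockdownDir" }
```

Any link reported under the Lockdown directory deserves investigation, along with how and when it was created.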