Cyfirma Research recently discovered a serious security vulnerability affecting users of iTunes on Windows systems.
This local privilege escalation vulnerability, classified as CVE-2024-44193, allows attackers with limited access to elevate their privileges, potentially compromising entire systems.
The vulnerability, present in iTunes for Windows version 12.13.2.3 and earlier, poses a critical threat to the security of systems, making timely updates and patching essential.
Urgent iTunes update addresses this escalation risk
The core issue behind CVE-2024-44193 lies in improper permission management, specifically related to the AppleMobileDeviceService.exe.
Attackers can exploit the CVE-2024-44193 vulnerability by manipulating the files within the C:\ProgramData\Apple\Lockdown directory. With inadequate permission settings, even low-privileged users can write arbitrary files to this directory, enabling attackers to create opportunities for privilege escalation.
This vulnerability is not difficult to trigger, and thus makes its exploitation particularly concerning, as attackers can use various tools, such as NTFS junctions and opportunistic locks, to craft sophisticated exploit chains resulting in the execution of arbitrary code with elevated privileges.
The exploitation of CVE-2024-44193 follows a structured sequence of steps, allowing attackers to manipulate the AppleMobileDeviceService.exe and gain elevated privileges. First, attackers create arbitrary files within the Lockdown directory, leveraging tools like Oplock to halt processes at key moments. They can then exploit NTFS junctions, which redirect file deletions to critical system areas.
These actions culminate in the…
Read full post on Tech Radar
Discover more from Technical Master - Gadgets Reviews, Guides and Gaming News
Subscribe to get the latest posts sent to your email.
