The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-32353, a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows. iTunes is a software program that acts as a media player, media library, mobile device management utility, and the client app for the iTunes Store. It is developed by Apple Inc.
The application creates a privileged folder with weak access control. It is possible for a regular user to redirect this folder creation to the Windows system directory. This can then be leveraged to obtain a higher-privileged system shell.
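A defensive check for the weakness class described above, as an added example that is not code from the advisory or from Apple: it parses a folder's DACL in SDDL form (for instance the output of PowerShell's `(Get-Acl <folder>).Sddl`) and reports allow ACEs that give standard-user groups create, delete or re-permission rights. The function names and sample SDDL strings are constructed for illustration; this page does not name the affected folder, so none is assumed.

```python
import re

# Access-mask bits behind the SDDL rights codes used on files and directories.
RIGHTS = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000, "CC": 0x1,
    "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100,
}
# Bits that let a trustee plant, replace or re-permission content in a directory.
RISKY = {
    0x2: "FILE_ADD_FILE", 0x4: "FILE_ADD_SUBDIRECTORY", 0x40: "FILE_DELETE_CHILD",
    0x10000: "DELETE", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER",
    0x40000000: "GENERIC_WRITE", 0x10000000: "GENERIC_ALL",
}
# Well-known trustees that every standard interactive user is a member of.
LOW_PRIV = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE",
}

def parse_mask(rights):
    """Turn an SDDL rights field (hex mask or two-letter codes) into an integer."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]  # KeyError on a code this table lacks
    return mask

def weak_aces(sddl):
    """Return [(trustee, [risky rights])] for allow ACEs held by low-privileged groups."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)  # DACL section only
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if ace_type != "A" or trustee not in LOW_PRIV:
            continue
        risky = [name for bit, name in RISKY.items() if parse_mask(rights) & bit]
        if risky:
            findings.append((LOW_PRIV[trustee], risky))
    return findings

# Constructed samples: full control for Users versus read-and-execute only.
SAMPLE_WEAK = "O:BAG:SYD:(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;FA;;;BU)"
SAMPLE_OK = "O:BAG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)"
print(weak_aces(SAMPLE_WEAK), weak_aces(SAMPLE_OK))
```

An empty result means no allow ACE in the DACL hands those rights to the listed groups; it does not evaluate deny ACEs, other group memberships or the permissions of parent directories.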