Saturday, February 14, 2015

Apple iTunes Insecure DLL Loading Code Execution

By default iTunes installation does't come with dwmapi.dll but iTunes tries to load the DLL when started.

Create any malicious DLL and rename it to dwmapi.dll, copy to C:\Program Files (x86)\iTunes\

After copying the DLL if we start iTunes will execute the code part of malicious DLL leading to DLL Injection.

Location: C:\Program Files (x86)\iTunes\dwmapi.dll
Application:iTunes 12.0.1.26
OS: Windows 7 Ultimate N SP1

Apples response
        After examining your report we do not see any actual security implications. 
        Writing a file to the C:\Program Files (x86)\iTunes  directory requires local 
        administrative privileges.