Tuesday, October 15, 2024
HomeAppleApple iTunes for Windows Flaw Let Attackers Execute Malicious Code

Apple iTunes for Windows Flaw Let Attackers Execute Malicious Code

Published on

Malware protection

iTunes has been found to have an arbitrary code execution vulnerability that might allow attackers to execute malicious code.

To fix this vulnerability, Apple has issued a security advisory. It also stated that until an investigation is complete and updates or releases are ready, Apple will not reveal, discuss, or validate security problems.

“Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available”, the company said.

- Advertisement - SIEM as a Service

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

iTunes Windows Security Flaw

The vulnerability has been tracked as the CVE-2024-27793, and the severity has not yet been classified.

This vulnerability affects Windows versions of iTunes lower than 12.13.1 and may allow a malicious file to be parsed, which might result in unexpected code execution or unexpected program termination on the impacted device. 

Apple has made “improving checks” before parsing a malicious file to address this issue.

University of Texas at Austin’s Willy R. Vasquez observed and reported this issue.

Recommendation

It is advised that users of Apple iTunes for Windows update to iTunes version 12.13.2 to fix this issue.

A severe vulnerability in several Apple products, including iPhones, MacBooks, iPads, and Vision Pro headsets, has prompted CERT-In to issue a high-risk alert. 

The vulnerability poses a serious risk to user security since it could enable remote execution of arbitrary code by attackers.

Upgrading Apple products to the most recent versions is advised to stop threat actors from taking advantage of these kinds of vulnerabilities.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...