Sunday, January 19, 2025
HomeAppleApple iTunes for Windows Flaw Let Attackers Execute Malicious Code

Apple iTunes for Windows Flaw Let Attackers Execute Malicious Code

Published on

SIEM as a Service

Follow Us on Google News

iTunes has been found to have an arbitrary code execution vulnerability that might allow attackers to execute malicious code.

To fix this vulnerability, Apple has issued a security advisory. It also stated that until an investigation is complete and updates or releases are ready, Apple will not reveal, discuss, or validate security problems.

“Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available”, the company said.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

iTunes Windows Security Flaw

The vulnerability has been tracked as the CVE-2024-27793, and the severity has not yet been classified.

This vulnerability affects Windows versions of iTunes lower than 12.13.1 and may allow a malicious file to be parsed, which might result in unexpected code execution or unexpected program termination on the impacted device. 

Apple has made “improving checks” before parsing a malicious file to address this issue.

University of Texas at Austin’s Willy R. Vasquez observed and reported this issue.

Recommendation

It is advised that users of Apple iTunes for Windows update to iTunes version 12.13.2 to fix this issue.

A severe vulnerability in several Apple products, including iPhones, MacBooks, iPads, and Vision Pro headsets, has prompted CERT-In to issue a high-risk alert. 

The vulnerability poses a serious risk to user security since it could enable remote execution of arbitrary code by attackers.

Upgrading Apple products to the most recent versions is advised to stop threat actors from taking advantage of these kinds of vulnerabilities.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....