Apple iTunes for Windows Flaw Let Attackers Execute Malicious Code

iTunes has been found to have an arbitrary code execution vulnerability that might allow attackers to execute malicious code.

To fix this vulnerability, Apple has issued a security advisory. It also stated that until an investigation is complete and updates or releases are ready, Apple will not reveal, discuss, or validate security problems.

“Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available”, the company said.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

iTunes Windows Security Flaw

The vulnerability has been tracked as the CVE-2024-27793, and the severity has not yet been classified.

This vulnerability affects Windows versions of iTunes lower than 12.13.1 and may allow a malicious file to be parsed, which might result in unexpected code execution or unexpected program termination on the impacted device. 

Apple has made “improving checks” before parsing a malicious file to address this issue.

University of Texas at Austin’s Willy R. Vasquez observed and reported this issue.

Recommendation

It is advised that users of Apple iTunes for Windows update to iTunes version 12.13.2 to fix this issue.

A severe vulnerability in several Apple products, including iPhones, MacBooks, iPads, and Vision Pro headsets, has prompted CERT-In to issue a high-risk alert. 

The vulnerability poses a serious risk to user security since it could enable remote execution of arbitrary code by attackers.

Upgrading Apple products to the most recent versions is advised to stop threat actors from taking advantage of these kinds of vulnerabilities.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free