New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued a warning regarding Apple iTunes and Google Chrome for desktop users. The government’s cyber security unit under the Ministry of Electronics & Information Technology has highlighted vulnerabilities in these products that could potentially enable attackers to execute arbitrary code on the targeted system.


COMMERCIAL BREAK
SCROLL TO CONTINUE READING

According to CERT, the vulnerability in Apple iTunes is caused by insufficient checks in a component known as ‘CoreMedia’. Hackers could exploit this by sending a specially crafted message. This vulnerability impacts users of Apple iTunes on Windows versions before 12.13.2. "A vulnerability has been reported in Apple iTunes which could be exploited by a remote attacker to execute arbitrary code on the targeted system," stated the CERT-In advisory. (Also Read: Google Doodle Celebrates Mother's Day 2024 With Heartwarming Tribute To Maternal Bond)


‘Remote Code Extension’ is a security vulnerability in Apple products which happens from inadequate checks in the CoreMedia component. Malicious attackers can send a specifically crafted request if this is exploited. In the same way, Google chrome also faces vulnerabilities in its Visuals and ANGLE components as well as in WebAudio due to use-after-free errors and heal buffer overflow. (Also Read: Elon Musk Bans Over 1.8 Lakh Accounts On X In India Between March 26 and April 25 Due To THIS Reason; Details Here)


To safeguard against this vulnerability, Apple iTunes users can follow this step:


CERT recommends updating to the latest iTunes version to mitigate potential vulnerabilities.


- Update iTunes: Ensure your iTunes application is updated to the latest version. This can typically be done by navigating to the Help section within iTunes and selecting "Check for Updates."


Google Chrome vulnerability 


CERT mentioned that the vulnerability identified under CVE-2024-4671 is currently being exploited in real-world situations. Users are strongly advised to promptly patch their vulnerable devices. The affected versions of Google Chrome for Desktop are versions before 124.0.6367.201/.202 for Windows and Mac and versions prior to 124.0.6367.201 for Linux.