Apple iTunes For Windows Flaw Let Attackers Execute Malicious Code
A new arbitrary code execution vulnerability has been discovered in iTunes that could allow a threat actor to perform malicious actions.
This vulnerability has been assigned CVE-2024-27793, and its severity is yet to be categorized.
Apple has released a security advisory addressing this vulnerability, which also states that “Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
Technical Analysis
According to the reports shared with Cyber Security News, this vulnerability exists in iTunes versions before 12.13.1 for Windows, in which parsing a malicious file can result in unexpected app termination or arbitrary code execution on the affected device.
However, Apple has addressed this vulnerability by improving checks before parsing a malicious file.
Users of Apple iTunes for Windows are urged to upgrade to iTunes version 12.13.2 to patch this vulnerability.
Recently, a few vulnerabilities have been identified in Apple, among which the most recent one was the SQL injection vulnerability that led to the hacking of Apple’s infrastructure.
Among the notable cases of Apple products being targeted by threat actors are “push bombing” attacks, GoFetch vulnerability exploitation, a type confusion zero-day (CVE-2024-23222), and a few others.
Additionally, there were also cases where Apple’s iMessage was exploited. Users of Apple products are advised to upgrade their devices to the latest versions in order to prevent these vulnerabilities from being exploited by threat actors.
Source credit: cybersecuritynews.com