CERT-In finds vulnerabilities in Apple iTunes, Google Chrome


New Delhi, May 11 (IANS): The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, has warned users of vulnerabilities in Apple iTunes and Google Chrome for desktop which could allow an attacker to execute arbitrary code on the targeted system.

The affected software includes Apple iTunes versions prior to 12.13.2 for Windows.

For Chrome for Desktop, the affected software includes -- versions prior to 124.0.6367.201/.202 (for Windows and Mac) and versions before 124.0.6367.201 (for Linux).

"A vulnerability has been reported in Apple iTunes which could be exploited by a remote attacker to execute arbitrary code on the targeted system," said the CERT-In advisory.

The 'Remote Code Execution' vulnerability exists in the Apple Product due to improper checks in the CoreMedia component. A remote attacker could exploit this vulnerability by sending a specially crafted request, the advisory mentioned.

In addition, the cyber agency said that the reported vulnerabilities exist in Google Chrome due to use-after-free errors in Visuals & ANGLE components; and heap buffer overflow in WebAudio.

"A remote attacker could exploit these vulnerabilities by executing a specially crafted HTML page to trigger heap corruption," CERT-In noted.

"Successful exploitation of these vulnerabilities could allow the remote attacker to compromise the targeted system," it added.

The agency also suggested users to apply appropriate security updates as mentioned by the companies.

 

  

Top Stories


Leave a Comment

Title: CERT-In finds vulnerabilities in Apple iTunes, Google Chrome



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.