Apple iTunes vulnerability
The advisory lists vulnerabilities in Apple iTunes versions prior to 12.13.2 for Windows, and in Google Chrome for desktop versions prior to 124.0.6367.201/.202 for Windows and Mac and prior to 124.0.6367.201 for Linux.
CERT-In highlighted the nature of these vulnerabilities, stating: “A security vulnerability has been reported in Apple iTunes that could be exploited by a remote attacker to execute arbitrary code on a target system.” The vulnerability stems from a weakness in the CoreMedia component, which a remote attacker could potentially exploit via carefully crafted requests.
Google Chrome security vulnerabilities
Similarly, CERT-In pointed to vulnerabilities in Google Chrome, attributing them to use-after-free errors in the Visuals and ANGLE components, as well as heap buffer overflows in WebAudio. The agency warned that a remote attacker could exploit these weaknesses by deploying a specially crafted HTML page to cause heap corruption, which could potentially compromise the integrity of the target system.
What should users do?
In response to the identified vulnerabilities, CERT-In strongly recommends that Apple iTunes and Google Chrome users immediately install the security updates released by the respective companies. Applying these updates promptly is critical to mitigating the risks associated with these vulnerabilities and protecting systems from exploitation by malicious actors.
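For administrators who need to find which machines still require the updates, the following added example (not part of the advisory or the original article) compares reported versions against the fixed versions quoted above. The inventory format, hostnames and sample versions are constructed for illustration, and the Chrome "201/.202" entry is treated as "anything below .201 is affected".

```python
import re

# Fixed-version thresholds taken from the advisory text above.
# Chrome ".201/.202" on Windows and Mac: builds below .201 are treated as affected.
FIXED = {
    ("itunes", "windows"): "12.13.2",
    ("chrome", "windows"): "124.0.6367.201",
    ("chrome", "mac"): "124.0.6367.201",
    ("chrome", "linux"): "124.0.6367.201",
}

def parse_version(text):
    """Return a dotted version as a tuple of ints, or None if it is malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(p) for p in text.split("."))

def is_affected(product, platform, version):
    """True/False for covered products; None when not covered or unparseable."""
    fixed = FIXED.get((product.lower(), platform.lower()))
    installed = parse_version(version)
    if fixed is None or installed is None:
        return None
    target = parse_version(fixed)
    # Pad to equal length so "12.13.2" and "12.13.2.0" compare as equal.
    width = max(len(installed), len(target))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(target)

def audit(inventory):
    """Return (host, product, version, status); 'review' means a human must check."""
    label = {True: "update", False: "ok", None: "review"}
    return [(h, p, v, label[is_affected(p, plat, v)]) for h, p, plat, v in inventory]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "chrome", "windows", "124.0.6367.155"),
    ("ws-02", "chrome", "mac", "124.0.6367.202"),
    ("ws-03", "chrome", "linux", "124.0.6367.201"),
    ("ws-04", "itunes", "windows", "12.13.1.3"),
    ("ws-05", "itunes", "windows", "12.13.2.3"),
    ("ws-06", "chrome", "windows", "124.0.6367.x"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-6s %-7s %-16s %s" % row)
```

Entries with an unparseable version, or a product and platform pair the advisory does not cover, are reported as "review" rather than silently passed.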