The Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology, has issued a warning regarding vulnerabilities detected in Apple iTunes and Google Chrome for desktop systems. These vulnerabilities could allow attackers to execute arbitrary code on targeted systems.
According to CERT-In, users of Apple iTunes should be cautious if they are running versions prior to 12.13.2 on Windows platforms. The ‘Remote Code Execution’ vulnerability in iTunes lies in its CoreMedia component, where improper checks could permit remote attackers to execute malicious code through specially crafted requests.
Similarly, CERT-In has identified vulnerabilities in Google Chrome for desktop systems, affecting versions prior to 124.0.6367.201/.202 for Windows and Mac and versions before 124.0.6367.201 for Linux.
The vulnerabilities in Chrome are attributed to use-after-free errors in the Visuals and ANGLE components, as well as a heap buffer overflow in WebAudio. Exploiting these vulnerabilities could enable attackers to trigger heap corruption through specially crafted HTML pages.
CERT-In advises users to promptly apply the security updates provided by Apple and Google to mitigate these risks. Failure to do so could compromise the security of the affected systems.