Centre warns of high-risk vulnerabilities in Google Chrome, Apple iTunes
The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning about vulnerabilities in the Google Chrome and Apple iTunes desktop applications. These weaknesses could permit hackers to remotely access a user's device and execute arbitrary code. CERT-In, which operates under the Ministry of Electronics and Information Technology, has urged users to apply the appropriate security updates rolled out by the companies.
CERT-In details vulnerability in Apple iTunes
CERT-In has clarified that the vulnerability in Apple iTunes is due to "improper checks in CoreMedia component." A remote attacker could exploit this by sending a crafted request. Successful exploitation could permit the attacker to execute arbitrary code on the targeted system. The problem affects Apple iTunes for Windows in versions prior to 12.13.2. CERT-In advises users to update their software as a protective measure.
Issues identified in Google Chrome
CERT-In has also identified several vulnerabilities in Google Chrome. They stem from 'use-after-free' bugs in the Visuals and ANGLE components, which can cause 'heap corruption' by way of a specially crafted HTML page. The agency noted that the 'vulnerability under CVE-2024-4671 is being exploited in the wild.' These vulnerabilities affect Google Chrome on desktop in versions prior to 124.0.6367.201/.202 for Windows and Mac, and prior to 124.0.6367.201 for Linux. Users are advised to update their browsers immediately.