NEW DELHI: The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics & Information Technology, has warned users of vulnerabilities in Apple iTunes and Google Chrome for desktop which could allow an attacker to execute arbitrary code on the targeted system.
The affected software includes Apple iTunes versions prior to 12.13.2 for Windows. For Chrome for Desktop, the affected software includes — versions prior to 201/202 (for Windows and Mac) and versions before 201 (for Linux).
“A vulnerability has been reported in Apple iTunes which could be exploited by a remote attacker to execute arbitrary code on the targeted system,” said the CERT-In advisory.
The ‘Remote Code Execution’ vulnerability exists in the Apple Product due to improper checks in the CoreMedia component. A remote attacker could exploit this vulnerability by sending a specially crafted request, the advisory mentioned.
In addition, the cyber agency said that the reported vulnerabilities exist in Google Chrome due to use-after-free errors in Visuals & ANGLE components; and heap buffer overflow in WebAudio.