The all in one place for non-profit security aid.
Comments on the US National Cybersecurity Strategy Implementation Plan. Acting National Cyber Director will not be offered permanent role. Read More
The CyberWire
Apple iTunes For Windows Flaw Let Attackers Execute Malicious Code
A new arbitrary code execution vulnerability has been discovered in iTunes that could allow a threat actor to perform malicious activities.
This vulnerability has been assigned with CVE-2024-27793 and the severity is yet to be categorized.
Apple has released a security advisory for addressing this vulnerability which also specified that “Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available”
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
According to the reports shared with Cyber Security News, this vulnerability exists in iTunes version prior to 12.13.1 for Windows which could allow parsing a malicious file which may lead to unexpected app termination or arbitrary code execution on the affected device.
However, Apple has addressed this vulnerability by improving checks before parsing a malicious file.
Users of Apple iTunes for Windows are recommended to upgrade to iTunes version 12.13.2 for patching this vulnerability.
In recent times, there have been several vulnerabilities being identified in Apple in which the most recent one was the SQL injection vulnerability that led to hacking the infrastructure of Apple.
Some of the interesting cases of Apple products being targeted by threat actors are “push bombing” attacks, GoFetch vulnerability exploitation, a type confusion zero-day (CVE-2024-23222) and several others.
Additionally, there were also cases where Apple’s iMessage was exploited. It is recommended for users of Apple products to upgrade their devices to the latest versions in order to prevent these kinds of vulnerabilities getting exploited by threat actors.
On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free
The post Apple iTunes For Windows Flaw Let Attackers Execute Malicious Code appeared first on Cyber Security News.
Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs.
Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution.
"An unauthenticated, malicious actor can inject files Read More
The Hacker News | #1 Trusted Cybersecurity News Site