Apple confirms the finding of a critical security flaw in the iTunes program for Windows 10 and Windows 11 users, which could have allowed malicious attackers to execute code remotely at will.
Willy R. Vasquez, a security researcher at the University of Texas in Austin, uncovered the vulnerability, known as CVE-2024-27793. This vulnerability affects the CoreMedia framework, which processes media samples and manages media data queues in iTunes.
A major security flaw in the iTunes app for Windows 10 and Windows 11 users could have allowed malicious attackers to execute code remotely, Apple said in a support article published on May 8.
About CVE-2024-27793
Willy R. Vasquez, a Ph.D. scholar and security expert at The University of Texas at Austin, discovered CVE-2024-27793 and contributed sandboxing code to the Firefox 117 web browser. The vulnerability, rated critical by the Common Vulnerability Scoring System v3, affects the CoreMedia framework, which provides the media pipeline used to process media samples and handle batches of media information, says Apple.
The flaw allows an attacker to execute arbitrary code by sending a maliciously crafted request during the file processing. It is critical to highlight that the attacker does not need physical access to the Windows PC, as
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.