Indian govt issues high security warning for Google Chrome and Apple iTunes users

New Delhi/IBNS: The Computer Emergency Response Team (CERT-In) under the Indian government's Ministry of Electronics and Information Technology has issued a warning about vulnerabilities in Apple iTunes and Google Chrome desktop applications.

IBNS • 13 May 2024, 05:03 am

According to the CERT, these vulnerabilities could allow hackers to remotely access a user's device and execute arbitrary code.

CERT warning for Apple iTunes users:

The CERT said a vulnerability has been reported in Apple iTunes which could be exploited by a remote attacker to execute arbitrary code on the targeted system.

Explaining the issue via a report, the government agency said this vulnerability exists in the Apple product due to improper checks in the CoreMedia component.

"A remote attacker could exploit this vulnerability by sending a specially crafted request," as per CERT.

According to CERT, this vulnerability affects users of Apple iTunes on Windows prior to version 12.13.2.

Describing the solution, CERT states that updating to the latest version of iTunes should help mitigate the potential vulnerabilities, and to update their iTunes applications on Windows, users can go to the Help section and click Check for Updates.

CERT warning for Google Chrome users:

Besides Apple iTunes, the agency has also found several vulnerabilities in Google Chrome that could be used by a potential hacker to gain access to a targeted system.

The vulnerabilities in Chrome exist due to a bug in the Visuals and ANGLE components called 'use-after-free' and could be used by a hacker to execute a specially crafted HTML page to cause ‘heap corruption’, according to the CERT.

It stated that the ‘vulnerability under CVE-2024-4671 is being exploited in the wild, and users are advised to patch the vulnerable devices immediately.’

The vulnerabilities affect Google Chrome users on desktop prior to version 124.0.6367.201/.202 for Windows and Mac and version 124.0.6367.201 for Linux, as per the government agency.

Explaining solutions to the issue, CERT has advised Google Chrome users on Windows, Mac and Linux to update to the latest version to mitigate potential vulnerabilities.

To update to the latest version, users can navigate to the 'Help' option and click on 'About Google Chrome', which will automatically search for a new version, it added.