Network Security, Patch/Configuration Management, Vulnerability Management

iTunes vulnerability may enable remote code execution

Researchers have unveiled a flaw in iTunes that could allow cyber criminals to execute remote code on target machines. Gjoko Krstic, a researcher at Zero Science Lab, a Macedonian information security company, announced in a blog post that the heap buffer overflow vulnerability is caused by a boundary error that occurs while playlist files are processed. Attackers who exploit the weakness to bait victims can do so through downloaded malicious data veiled as music. The defect, which affects versions 10.6.1 and 10.6.0 of iTunes, was patched last week in version 10.6.3 of the music player.

Related

DDoS attacks spike in first quarter

Fifty percent more distributed denial-of-service attacks have been launched by threat actors during the first quarter of 2024 over the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.