Apple Releases Update for iTunes on Windows to Mitigate Code Execution Flaw (CVE-2024-27793)

Apple has released a crucial security update for its iTunes software on Windows, addressing a severe vulnerability that could allow remote attackers to execute malicious code on users’ computers. The flaw, tracked as CVE-2024-27793, was discovered by Willy R. Vasquez, a security researcher at The University of Texas at Austin.

The vulnerability existed within the CoreMedia component of iTunes for Windows. By tricking users into opening a maliciously crafted file, an attacker could exploit this flaw to either execute arbitrary code with the privileges of the iTunes process or trigger a denial-of-service condition, crashing the application.

Responding swiftly to this discovery, Apple has released a security update in the form of iTunes 12.13.2 for Windows. This update is designed specifically to counter the threats posed by CVE-2024-27793. The issue was resolved through enhanced verification processes that improve the security of the software against such vulnerabilities.

iTunes 12.13.2 is currently available and can be downloaded at no cost from Apple’s official website. For users who have previously installed iTunes, the update can be applied through the “Apple Software Update” tool included with the software. Alternatively, the update can also be accessed through the Microsoft Store, providing various options for users to secure their systems.