Andrew
2024-05-15 01:17:55 UTC
Apple Addresses Critical Security Vulnerability For Windows 10 And 11 Users
Yet again, Apple forgot to test their software - this time in iTunes.
One of the most basic holes happened again with Apple, where a critical
security vulnerability in the iTunes application for Windows 10 and Windows
11 enables arbitrary remote code execution.
There's a reason Apple has the worst support in the industry & the most
exploits, which is basically that Apple doesn't bother to sufficiently test.
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>
Apple has never caught any of their zero-day bugs, which are
twice the number of any other common consumer operating system.
CVE-2024-27793
Willy R. Vasquez, a Ph.D. student and security researcher with The
University of Texas at Austin, whose sandboxing code contributions can be
found in the Firefox 117 web browser, was behind the discovery of
CVE-2024-27793. The vulnerability, rated critical using the Common
Vulnerability Scoring System v3, impacts the CoreMedia framework which
defines the media pipeline used ultimately to process media samples and
manage queues of media data, according to Apple.
"CVE-2024-27793 is one of the many vulnerabilities I and my coauthors,
Stephen Checkoway and Hovav Shacham, found in our research on analyzing
H.264 video decoders," Vasquez told me. "We developed a tool called
H26Forge that generates malformed compressed videos, which can be used to
either fuzz a video decoder or exploit a vulnerability in a video decoder."
https://www.forbes.com/sites/daveywinder/2024/05/12/apple-addresses-critical-security-vulnerability-for-windows-10-11-users/
Bear in mind, another reason Apple support is the worst in the industry
is that Apple only fully supports a single release - which is unlike every
other common consumer operating system's support of multiple major releases.
<https://screenrant.com/apple-product-security-update-lifespan/>
<https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/>
<https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases>
<https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/>