The Zune and other mobile apps that use the Zune app store have been infected with a Zune-based exploit that could allow remote attackers to access sensitive information via a specially crafted website, according to security researchers.
The exploit was reported by ZDNet on Wednesday.
Once the user is logged in, they would be redirected to the Zunes website, where they would see a “GET” request to a specially-crafted domain.
The site could also send a specially encoded URL to the user’s browser, allowing the attacker to execute arbitrary code.
This is not the first time a Zumes vulnerability has been exploited in the wild.
Last year, the Zumies security team uncovered a malicious web page that exploited an inbound GET request on a Zuma mobile app that used the same code.
In 2016, a Zume exploit was used to cause the Zuma iOS and Android apps to download malicious apps.