What you need to know
- A zero-day vulnerability in iTunes and iCloud for Windows allowed ransomware to be installed on Windows PCs undetected.
- An unquoted service path allowed hackers to run malicious apps that wouldn't trigger antivirus software.
- The vulnerability was actively being exploited to run the BitPaymer ransomware.
A report from cybersecurity company Morphisec, via Ars Technica, has revealed how a zero-day vulnerability in iTunes and iCloud for Windows allowed hackers to infect Windows computers with ransomware without triggering antivirus software.
According to the report:
Whilst the exploit was patched on Monday in iTunes 12.10.1 and iCloud 7.14 for Windows, anyone who has installed and then uninstalled iTunes on Windows could still be at risk, because Bonjour is not automatically removed. Morphisec CTO Michael Gorelik wrote:
According to Morphisec, Apple has not fixed all of the vulnerabilities it reported, only the one that was "abused by the attackers". Morphisec also states that it did not publish the vulnerability until the update was released to fix the problem, and that it "prevented the attack before any damage could have been caused."
The news comes in the wake of analyst predictions that hacks targeted at Apple products and software are likely to increase as Apple expands its reach. In the meantime, users of iTunes and iCloud can steer clear of this latest exploit by updating to the latest release of both.
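For administrators who want to check their own machines, the following PowerShell audit is an added example (not from Morphisec, Apple or the original article) that lists services whose executable path contains spaces but is not quoted, and any service left behind with "Bonjour" in its name. The function name `Test-UnquotedServicePath`, the sample paths, the `.exe` heuristic and the `*Bonjour*` name match are assumptions made for illustration.

```powershell
# Added example: audit for the misconfiguration class named in the article.
function Test-UnquotedServicePath {
    # Returns $true when the executable path contains a space and is not
    # wrapped in double quotes, which makes the path ambiguous to Windows.
    param([string]$PathName)

    $p = "$PathName".Trim()
    if ($p -eq '' -or $p.StartsWith('"')) { return $false }   # empty or quoted

    # Heuristic (assumption): the executable ends at the first ".exe" that is
    # followed by whitespace or end of string. Driver (.sys) paths are ignored.
    if ($p -notmatch '^(.*?\.exe)(\s|$)') { return $false }
    return $Matches[1].Contains(' ')
}

# Constructed sample command lines (not taken from any real system).
$samples = @(
    'C:\Program Files\Example Vendor\Example Service\svc.exe',          # flagged
    '"C:\Program Files\Example Vendor\Example Service\svc.exe" -run',   # quoted
    'C:\Windows\System32\svchost.exe -k netsvcs'                        # no space in path
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live audit: installed services whose PathName should be quoted.
$services = Get-CimInstance -ClassName Win32_Service
$services |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, DisplayName, StartMode, PathName |
    Format-Table -AutoSize -Wrap

# Leftover component check: the article notes Bonjour is not removed when
# iTunes is uninstalled. Matching on the word "Bonjour" is an assumption.
$services |
    Where-Object { $_.Name -like '*Bonjour*' -or $_.DisplayName -like '*Bonjour*' } |
    Select-Object Name, DisplayName, State, PathName |
    Format-Table -AutoSize -Wrap
```

Any service the audit flags is remediated by updating the vendor's software or by wrapping the executable path in the service's `ImagePath` registry value in double quotes.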
> anyone who has installed and then uninstalled iTunes on Windows
> could still be a risk, due to the fact that Bonjour is not automatically removed.
Reason why legacy win32 must be sandboxed, for security, and to provide clean uninstallation.
I knew iTunes was a virus
Does this affect the Windows Store version or just the legacy version?
Bonjour was always a POS