Vulnerabilities in iTunes and iCloud allow ransomware to run on PCs

14. 10. 2019

iTunes and iCloud users on PC were exposed to a bug that allowed attackers to easily run malicious code.

According to the latest information, it was most often a so-called ransomware, i.e. a malicious program that encrypts a computer disk and requires the payment of a given financial amount in order to decrypt the disk. The situation was all the more serious because antiviruses did not detect the ransomware launched in this way.

The vulnerability was in the Bonjour component that both iTunes and iCloud for Windows rely on. An error known as an "unquoted path" occurs when a programmer neglects to enclose a text string with quotes. Once the bug is in a trusted program – ie. digitally signed by a verified developer such as Apple - so an attacker can easily use it to run malicious code in the background without this activity being caught by antivirus protection.

Antiviruses on Windows often do not scan trusted programs that have valid developer certificates. And in this case, it was an error that directly related to iTunes and iCloud, which are programs both signed by Apple's certificate. Security therefore did not check him.

Mac computers are safe according to experts

Apple has already fixed the bug in iTunes 12.10.1 for Windows and iCloud 7.14 for Windows. PC users should therefore immediately install this version or update the existing software.

However, users may still be at risk if, for example, they have previously uninstalled iTunes. Uninstalling iTunes does not remove the Bonjour component and it remains on the computer.

Experts from security agency Morphisec were surprised at how many computers are still exposed to the bug. Many of the users have not used iTunes or iCloud for a long time, but Bonjour remained on the PC and was not updated.

However, Macs are completely safe. In addition, the new version of the macOS 10.15 Catalina operating system completely removed iTunes and replaced it with three separate applications Music, Podcasts and TV.

Morphisec experts discovered that the bug was often used by the BitPaymer ransomware. Everything was reported to Apple, who subsequently released the necessary security updates. iTunes, unlike macOS, remains the same the main synchronization application for Windows.

Source: 9to5Mac

Topics: ransomware, Disks, iCloud, 9to5mac, Windows, tv, music, iTunes, program, MacOS

Discussion of the article

Your name

Your comment

By filling in the above data, I acknowledge that the company TEXT FACTORY s.r.o., registered office in Brno, Durďákova 336/29, Černá Pole, ZIP code: 613 00, ID number: 06157831, registered at the Regional Court in Brno, section C, insert 100399, will process my personal data provided in the registration form filled out by me on the basis of the legitimate interests of TEXT FACTORY s.r.o. according to Article 6 paragraph 1 letter f) GDPR and to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR), for the following purposes: the necessity to ensure the authorization of visitors to websites operated by TEXT FACTORY s.r.o. to actively contribute to published articles or within discussion forums and exercising the rights of TEXT FACTORY s.r.o. as the administrator of these discussion forums. More information about the processing of personal data and rights can be found in Lessons on personal data protection. the entire text

It could be interest you

Mac computers are safe according to experts

It could be interest you

Related