Apple has fixed a serious bug in iTunes It's from iCloud for Windows that made it possible to install ransomwares on PCs, as reported by Forbes. RansomwareIf you don't know, it is a type of malicious software that makes data stored on a machine inaccessible, usually through encryption. Thus, the hacker requires a ?ransom? payment to reestablish user access.
The loophole resulted from an unspecified Bonjour crash (Apple's protocol that bundles some of its software to install it on PCs) and basically allowed malware to run on Windows, which identified it as a trusted app.
Such malware took advantage of Apple's Bonjour certificate to go unnoticed by Windows, meaning both the user and the operating system believe the software was developed by Ma. Morphisec, the security company that discovered the flaw, explained that malware Bitpaymer was using this attack scheme to infect systems.
When the flaw is in a trusted program like those digitally signed by a developer known as Apple, attackers can exploit it to make the software execute a code that antivirus protection cannot flag as suspicious.
Users who previously uninstalled iTunes and Windows iCloud are not necessarily out of danger. As everything is part of Bonjour, the tool must be removed separately, otherwise this contamination route will remain open.
Morphisec waited for Apple to fix the bug so that it could detail it and found that BitPaymer was relatively recent, having been seen for the first time in attacks on hospitals, universities and government agencies. In one case, the attackers demanded a ransom of 70 Bitcoins (about $ 570,000).
The fix is ??already available in iTunes version 12.10.1 and iCloud 7.14 for Windows.