What you need to know
- A zero-day vulnerability in iTunes and iCloud for Windows allowed ransomware to be installed on Windows PCs undetected.
- Unquoted service path allowed hackers to run malicious apps that wouldn't trigger antivirus software.
- Vulnerability was actively being exploited to run ransomware BitPaymer.
A report from Cybersecurity company Morphisec via ArsTechnica has revealed how a zero-day vulnerability in iTunes and iCloud for Windows allowed hackers to infect Windows computers with ransomware without triggering antivirus software.
According to the report:
Whilst the exploit was patched on Monday in iTunes 12.10.1 and iCloud 7.14 for Windows, anyone who has installed and then uninstalled iTunes on Windows could still be a risk, due to the fact that Bonjour is not automatically removed. Morphisec CTO Michael Gorelik wrote:
According to Morphisec, Apple has not fixed all of the vulnerabilities it reported, only the one that was "abused by the attackers". Morphisec also states that it did not publish the vulnerability until the update was released to fix the problem, and that it "prevented the attack before any damage could have been caused."
The news comes in wake of analyst predictions that hacks targeted at Apple products and software are likely to increase as Apple expands its reach. In the meantime, users of iTunes and iCloud can steer clear of this latest exploit by updating to the latest release of both.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9