A zero-day vulnerability in iTunes and iCloud apps on Windows PCs enabled attackers to install ransomware without triggering antivirus protections.
Ransomware encrypts the entire hard drive or SSD with a key known only to the attacker, enabling them to demand a ransom to decrypt the machine…
Essentially, a bug in Apple’s apps meant that an attacker could get them to run a malicious app, while antivirus software wouldn’t inspect the activity because it appeared to come from signed Apple apps and was therefore automatically treated as OK.
Apple has patched the vulnerability in iTunes 12.10.1 for Windows and iCloud for Windows 7.14, so PC users should check they have both updates installed. Additionally, if you’ve ever run iTunes on your PC, even if you later removed it, you could still be at risk.
Macs are not affected, no matter which version of macOS you are running. Additionally, macOS Catalina replaces iTunes with a brand new Music app.
Morphisec says the vulnerability was being actively exploited to install ransomware called BitPaymer. It reported the issue to Apple and has disclosed details only now that the company has released updates to close the security hole.
Source: 9to5Mac