A rather serious vulnerability of Apple iTunes, has recently affected users Windows PC. Discovered by cybersecurity company Morphisec, the vulnerability is found in a path left open in iTunes for Windows. Through this vulnerability Zero-Day, attackers are allowed to exploit the target system and launch cryprovirusi ransomware, of the type BitPaymer si IEncrypt.
This vulnerability "Apple Zero-Day”Is present in the update service Hi al Apple, which is installed with Apple iTunes si Apple iCloud pe Windows PC.
The vulnerability arose from the negligence of the developers, who, although they have known for a long time, that leaving a path open without quotation marks opens an important breach in the security system, which can be exploited immediately by attackers. The worst part is that these breaches are almost impossible to detect by the antivirus software and the security security system of the Windows. The correct closure of a path is always done with quotation marks. "\\", to avoid vulnerabilities. In this case, the security breach left open allowed the attackers to exploit the Bonjour service, a reliable service with digital signature of Apple, and launch ransomware applications without being detected by security systems. Basically, everything came through a reliable service / applications.
Apple has remedied this vulnerability in iTunes 12.10.1 and in the update iCloud for Windows 7.14, but for users who have uninstalled iTunes si iCloud pe Windows, the problem is a little more complicated. The Bonjour component is installed with one of the two applications (iTunes or iCloud), but few users know that uninstalling Bonjour is done separatelyAs autonomous application. Uninstalling iTunes and iCloud will leave Bonjour installed along with the security breach on the operating system Windows.
If in the past you had iTunes installed on Windows PC, it is good to check in the list of programs if Bonjour somehow has remained installed. Users who have older versions of iTunes are prompted to update immediately to the latest versions.
Mac users are not affected by this vulnerability.