CYBER NEWS

iTunes and iCloud Exploited By Hackers and Infected With Ransomware

An unknown hacking group has been found to exploit Apple’s iTunes and iCloud programs in order to deploy ransomware. This is possible by using a zero-day vulnerability which allows the criminals to implant the malicious code without alerting any installed anti-virus engines.




A Zero-day Vulnerability Used To Implant Ransomware In iTunes and iCloud

Computer hackers have discovered a bug in Apple’s iCloud and iTunes that has allowed them to implant ransomware onto computers that have the software installed. At this time there is no information available about the identity of the hacking group, we assume that they are experienced enough in order to have found the flaw. The discovery was made about the Windows version of the applications. The issue was discovered in the shared service that they depend on called Bonjour. This is an important component that is made by Apple that facilitates the zero-configuration networking which is used by them.

Related:
iTerm2, a well-known open-source terminal emulator macOS app, has been found vulnerable to e critical flaw, which is known as CVE-2019-9535.
CVE-2019-9535: 7-Year-Old Bug in iTerm2 macOS App

The type of vulnerability is classified as a unquoted service path which means that one of the developers has made an error by forgetting to surround a file path parameter with quotation marks. In the case of trusted programs which are signed by a well-known developer such as Apple can make it to run code that is not automatically scanned by anti-virus programs. Such vulnerabilities have been found to be found in order important software and services such as graphics drivers and VPN services.

As soon as the security bug was uncovered Apple patched the vulnerabilities in iTunes 12.10.1 and iCloud 7.14. We urge all users to update their installations as soon as possible in order to make sure that they are not affected.

Avatar

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...