An unknown hacking group has been found exploiting Apple’s iTunes and iCloud programs to deploy ransomware. The attack uses a zero-day vulnerability that allows the criminals to implant the malicious code without alerting any installed anti-virus engines.
A Zero-day Vulnerability Used To Implant Ransomware In iTunes and iCloud
Computer hackers have discovered a bug in Apple’s iCloud and iTunes that has allowed them to implant ransomware onto computers that have the software installed. At this time there is no information available about the identity of the hacking group; we assume that they are experienced enough to have found the flaw. The discovery concerns the Windows version of the applications. The issue was found in Bonjour, a shared service that they depend on. It is an important component made by Apple that provides the zero-configuration networking used by these applications.
The vulnerability is classified as an unquoted service path, which means that one of the developers made an error by forgetting to surround a file path parameter with quotation marks. In trusted programs signed by a well-known developer such as Apple, this error can make the program run code that is not automatically scanned by anti-virus programs. Such vulnerabilities have been found in other important software and services such as graphics drivers and VPN services.
As soon as the security bug was uncovered, Apple patched the vulnerabilities in iTunes 12.10.1 and iCloud 7.14. We urge all users to update their installations as soon as possible to make sure that they are not affected.
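Administrators can audit for this class of error by checking whether each Windows service's ImagePath value is unquoted and contains a space in the executable path. The following is an added example, not code from the original article or from Apple; the service names and paths are constructed samples and `quoted_fix` and `audit_services` are hypothetical helper names.

```python
import re

# Constructed sample of service name -> ImagePath value. On a real host these
# values come from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
SAMPLE_SERVICES = {
    "ExampleDiscovery": r"C:\Program Files\Example Vendor\Discovery Service\discsvc.exe",
    "ExampleUpdater": r"C:\Program Files (x86)\Example Vendor\Updater\upd.exe /svc",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Agent\agent.exe" --service',
    "ExampleNoSpace": r"C:\Windows\System32\examplesvc.exe -k netsvcs",
    "ExampleArgsOnly": r"C:\Tools\svc.exe --config C:\My Data\cfg.ini",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

# Shortest prefix ending in ".exe" that is followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(\s.*)?$", re.IGNORECASE)


def quoted_fix(image_path):
    """Return the corrected (quoted) ImagePath if the value is an unquoted
    executable path containing a space; return None if no change is needed."""
    value = image_path.strip()
    if value.startswith('"'):
        return None  # already quoted
    match = EXE_RE.match(value)
    if match is None:
        return None  # not an .exe command line (for example a kernel driver)
    exe, args = match.group(1), match.group(2) or ""
    if " " not in exe:
        return None  # spaces only appear in the arguments, path is unambiguous
    return f'"{exe}"{args}'


def audit_services(services):
    """Map each vulnerable service name to the ImagePath value it should have."""
    findings = {}
    for name, image_path in services.items():
        fix = quoted_fix(image_path)
        if fix is not None:
            findings[name] = fix
    return findings


if __name__ == "__main__":
    for name, fix in audit_services(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces, set ImagePath to {fix}")
```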