A zero-day security flaw in the Windows versions of Apple’s iTunes and iCloud apps allowed hackers to bypass antivirus protection and install ransomware called BitPaymer.
Security company Morphisec explains that the vulnerability was discovered in a component included in the Apple Software Update service and which both iTunes and iCloud use on Windows.
The so-called unquoted service path made it possible for malicious actors to sneakily get into a Windows computer by avoiding detection using the vulnerable software. The attackers were able to execute code on behalf of iTunes and iCloud, both of which are digitally signed by Apple, so antivirus protection could fail to flag the malicious payloads as dangerous.
Once the ransomware infection compromises a Windows host, access to locally-stored files is blocked, and users are required to pay for a decryption key to regain access to… (read more)
Source: Latest News