Sunday, June 7, 03:24
Home security Critical vulnerability in iTunes: Update right away!

Critical vulnerability in iTunes: Update right away!

iTunesThe iTunes version for Windows found with a critical vulnerability, which can be used by hackers to attack vulnerable systems. Apple recommends to all iTunes users (for Windows) to inform them immediately systems through the latest update that issued the company on 7 October.

The problem started with a malicious code, which was not detected by the antivirus program, as it is considered part of its software Apple. However, the error was discovered by the company's research team Morphisec, which informed Apple. According to researchers, this is a dangerous vulnerability. Morphisec realized the exploitation of the vulnerability in August, when some attacks in automotive systems.

it is about a 'Unquoted path vulnerability', which affects iTunes for Windows, taking advantage of the Bonjour updater that comes with it.

Such vulnerabilities have been known for 15 years. However, it is difficult to locate them individually when they are on software a well-known and trusted source, such as Apple.

What happens is that Apple software itself activates it malicious software. Therefore defense mechanisms cannot act.

Bonjour is distinct from iTunes. When someone uninstalls iTunes, Bonjour still exists. Many people do not know that they have to uninstall separately. According to researchers, many users had uninstalled iTunes from them computers but not Bonjour and as a result it continues to exist and work in the background without being updated. This makes the systems vulnerable.

According to Morphisec, hackers have exploited the vulnerability to install it ransomware BitPaymer, by executing a malicious "program" file. "Bonjour tried to run the 'Program Files' folder, but because of the vulnerability ran BitPaymer ransomware under the program name." In this way, vulnerability avoids detection and bypasses defense mechanisms.

Morphisec researchers have identified many BitPaymer ransomware attacks on US Companies. "At least 15 companies in the field of finance, technology and agriculture have been attacked." The attacks usually take place at the weekend, where they are less likely to be detected. So hackers have enough time to spread ransomware to many Appliances of the targeted network.

Therefore, all users of iTunes for Windows must immediately update their systems so that they do not fall victim to ransomware attack.


Please enter your comment!
Please enter your name here

Absent Mia
Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement


Lyrics from AI technology or from people: Can you tell them apart?

While a large percentage of people can recognize when they are talking on a chatbot instead of a human operator, it seems that this is not the case ...

Technology and children: When are they ready for safe use?

Today's children and teens use various messaging apps and social media to ...

Call of Duty Black Ops Cold War: The first video leaked

The first video from the gameplay of Call of Duty 2020, which is rumored to be called Black Ops Cold War, has just been revealed.

Elon Musk: "It's time to break up Amazon"

Elon Musk intensifies the fight with Jeff Bezos with a new tweet: The General Manager of Tesla Inc., Elon Musk, said ...

Attack on America's 5G towers on Saturday!

Protests over 5G connectivity are scheduled to take place over the weekend, according to NATE. According to a recommendation that was identified ...

Windows 10 Updates: You can block them with Wu10Man!

Microsoft launched the Windows 10 update in May 2020, so it will be available on your computer soon ....

ECh0raix Ransomware: New campaign targets QNAP NAS devices!

Malicious agents behind eCh0raix Ransomware have launched a new campaign targeting QNAP NAS devices. ECh0raix was observed ...

Mac: How to change the storage location of your screenshots?

When you take screenshots on your Mac device using the Shift-Command-3 shortcut to take a screenshot of the entire computer screen or Shift-Command-4 ...

Malware USBCulprit: Aims devices that are not connected to a network

Did you think that devices without any connection to a local or other network (air-gapped devices) are safe? Think again! The USBCulprit malware that ...

Free Microsoft Teams: You can finally create meetings!

Users of the free version of Microsoft Teams can now create video meetings. The change, identified by ...