A security company Morphisec revealed that those using iTunes on Windows OS might be vulnerable and in danger of becoming a victim of a ransomware attack.
According to recent reports, those who use iTunes on their Windows-running PCs might be in danger of a new ransomware campaign. A security company, known as Morphisec, recently discovered a zero-day vulnerability in the iTunes app. The nature of the flaw allows hackers to misuse it and infect users’ devices with ransomware.
Researchers released the details about the flaw, stating that it can be found in an unquoted path in software that Apple uses for releasing new updates — Bonjour. Typically, any executable file should come in quoted tags, which allows the system to easily find it. However, according to researchers, if the file remains unquoted, it may end up being exploited by bad actors.
Should hackers manage to add their own software to the service path, security can be bypassed, and the end-user would get infected as part of a malicious attack.
While this might seem for Apple, it is important to point out that the company is not the only one who suffers from this same flaw. Instead, the vulnerability has been there in a number of different apps and programs for over a decade. Still, Apple reacted rather quickly by patching the vulnerability and sending a new update that took care of it. However, the responsibility of securing their devices still falls upon the users. Sometimes, the system does not install new updates by itself, and every iTunes user out there must check if their app has been patched.
Ransomware attacks have been a problem for a long time, and many consider them to be one of the worst forms of malware attacks. They infect a device, encrypt all of the files on it, and demand payment in return for the decryption key, which they may or may not provide. Such attacks have been known to hit individuals, institutions, and businesses alike, indicating that anyone could be a valid target for the hackers.
Do you use iTunes? Have you downloaded the new update? Be sure to check and tell us what you think about this new development down in the comments.
Images are courtesy of Shutterstock.