If you haven’t yet, pause reading and make sure you iTunes is up to date.  (the fix is applied in iTunes 12.10.1 for Windows and iCloud for Windows 7.14).

According to Morphisec, zero-day vulnerability in iTunes for Windows is exploited, and have allowed a hacker to install ransomware on your PC.

The vulnerability was discovered in an unquoted path in Bonjour, the software that Apple uses to push out updates. Usually an executable file should be enclosed in quoted tags, making it simple for the system to locate it. However, when files are unquoted, it leaves them open to the possibility of being exploited, where hackers/attackers can add malicious files to the service path and bypass security software.

Why you should avoid Ransomware: it simply encrypts all your files on your computer and key only can be obtained after ransom is payed usually through bitcoins. Therefore, please be safe and keep your iTunes and all other programs UpToDate. 

Source: techradar

Source: ubergizmo

Share This