[German]There are vulnerabilities in the Bonjour updater in iTunes and iCloud for Windows that are currently being exploited by cyber criminals to spread ransomware. Apple has now released updates to close this vulnerability. Anyone who has ever installed Apple software a la iTunes or iCloud on their Windows system should act now.
The Hacker News reports in the article Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks, that cyber criminals are using recently discovered vulnerabilities in the Bonjour updater (the article speaks of 0-day vulnerabilities) of Apple’s iTunes and iCloud for Windows for BitPaymer and iEncrypt Ransomware attacks.
Bonjour updater vulnerable
The vulnerable component is the Bonjour updater, a configuration-free implementation of the network communication protocol that works in the background and automates various low-level network tasks. This includes automatically downloading updates for Apple software.
Since the Bonjour updater is installed as a separate program on the system, Bonjour is not removed when iTunes and iCloud are uninstalled. Therefore, this Bonjour updater is present on many Windows computers and has not been updated after uninstalling iTunes or iCloud, but runs in the background.
Cyber security researchers at Morphisec Labs discovered the exploitation of the Bonjour zero-day vulnerability in August. At the time, the attackers targeted an unnamed automotive company and infected the systems with the BitPaymer Ransomware. Details of the vulnerability can be found in the article Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks.
Apple provides Updates for iTunes/iCloud
Immediately after the discovery of the attack, the Morphisec Labs security researchers informed Apple of the details of the attack. Apple released iCloud for Windows 10.7, iCloud for Windows 7.14 and iTunes 12.10.1 for Windows a few hours ago to close the vulnerability.
Windows users who have iTunes and/or iCloud installed on their system are strongly advised to update their software to the latest versions. Users who have ever installed and then uninstalled this Apple software on their Windows computer should check the list of installed applications on your system (in Control Panel in Installed Applications). If a Bonjour updater is listed there, this software should be uninstalled manually.