If you’re using iTunes on your Windows PC, then you might want to update to the latest version ASAP. This is because according to recent findings by security firm Morphisec, it seems that they have discovered a zero-day vulnerability in iTunes for Windows which if exploited, would have allowed an attacker to install ransomware on your PC through the software.
The vulnerability was discovered in an unquoted path in Bonjour, the software that Apple uses to push out updates. Usually an executable file should be enclosed in quoted tags, making it simple for the system to locate it. However, when files are unquoted, it leaves them open to the possibility of being exploited, where hackers/attackers can add malicious files to the service path and bypass security software.
Apple is not alone in this as it has been found that this vulnerability exists in a variety of other apps for more than a decade. Apple has since patched the flaw and issued an update that addresses it, so like we said, if you haven’t updated your iTunes just yet, you probably should if you want to avoid any issues.
Ransomware can be a pain because what it does is that it encrypts all the files on your computer, except that the key is being held by the attacker who will release it after you pay them a ransom. In the past, we have seen how ransomware has crippled institutions like hospitals where it locked them out of patient files.
Filed in Hack, Icloud, iTunes, Security, Windows and Windows 10. Source: techradar
. Read more about