Apple patches iCloud, iTunes for Windows to plug malware hole


Apple iCloud for Windows app
Update today!
Photo: Microsoft/Cult of Mac

Apple’s latest patches for iTunes and iCloud for Windows are out to block potential ransomware attacks.

The software previously contained a vulnerability that allowed malware to piggyback on Apple’s digital signatures and go undetected by antivirus software.

And don’t assume you’re safe if you’ve already uninstalled Apple’s apps.

Security firm Morphisec, which first discovered the vulnerability, says it is rarely seen in the wild. But it is a well-known issue that has been identified in other software for more than 15 years.

“It is so thoroughly documented that you would expect programmers to be well aware of the vulnerability,” the company says. But it slipped through the net at Apple.

Zero-day vulnerability in Bonjour

The hole is the result of an unquoted path in Bonjour, the application Apple packages with iTunes and iCloud for Windows to deliver future updates.

Malware creators are able to exploit it by building malicious software that uses Bonjour’s digital signature to go unnoticed. Windows and its users are duped into thinking the software was made by Apple.

The malicious software isn’t distributed as a program with a “.exe” extension, which means it is even more difficult to detect with antivirus software. And it doesn’t need to be placed on the C drive.

The malware can be named “Apple” or “Apple Software” (or something just as inconspicuous) and placed in Program Files, where it is unlikely to raise any alarms, Morphisec explains.
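A defender's check for the unquoted-path condition described above, added here as an illustration (not code from Morphisec, Apple or this article): it flags command lines whose executable path contains spaces but is not wrapped in quotes, lists the shorter path prefixes that should be checked for unexpected files, and gives the quoted form that removes the ambiguity. The entry names and paths are constructed samples; on a real machine the input would be the command lines of installed services and updaters.

```python
import re

# Constructed sample entries (hypothetical names and paths, not from the article).
SAMPLE_ENTRIES = {
    "UpdaterA": r"C:\Program Files\Example Vendor\Updater Service\updater.exe -svc",
    "UpdaterB": r'"C:\Program Files\Example Vendor\Updater Service\updater.exe" -svc',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

# First ".exe" that is followed by whitespace or end of string ends the path.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def split_unquoted(cmdline):
    """Return (exe_path, args) for an unquoted command line, None if quoted."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return None  # quoted: Windows has exactly one path to resolve
    match = _EXE.match(cmdline)
    if match:
        return match.group(1), cmdline[match.end():].strip()
    exe, _, args = cmdline.partition(" ")
    return exe, args.strip()

def ambiguous_prefixes(exe_path):
    """Prefixes ending at each space. Microsoft's CreateProcess documentation
    describes each being tried (with .exe appended) before the full path, so
    a file at any of them can run in place of the intended program."""
    return [exe_path[:i] for i, ch in enumerate(exe_path) if ch == " "]

def audit(entries):
    """Return one finding per entry whose unquoted path contains spaces."""
    findings = []
    for name, cmdline in sorted(entries.items()):
        parts = split_unquoted(cmdline)
        if parts is None:
            continue
        exe, args = parts
        prefixes = ambiguous_prefixes(exe)
        if not prefixes:
            continue  # unquoted but no spaces: nothing ambiguous
        fixed = f'"{exe}"' + (f" {args}" if args else "")
        findings.append({"name": name, "watch": prefixes, "fix": fixed})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENTRIES):
        print(finding["name"], "is unquoted; check for unexpected files at:")
        for prefix in finding["watch"]:
            print("   ", prefix, "(with or without an extension)")
        print("  quoted form:", finding["fix"])
```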

Apple has a fix for iTunes on Windows

There is no evidence of this vulnerability being exploited for now. Morphisec reported it to Apple and waited for a fix before disclosing it. But you’re going to need to update your software right away.

Patches for iCloud and iTunes for Windows are available now, and they will eliminate the problem once and for all. And you’ll need to install one of them even if you’ve uninstalled them already.

It turns out that uninstalling iCloud or iTunes does not remove the Bonjour updater from Windows automatically. The app remains silently in the background for years after it is no longer needed.

To fix the issue and remove Bonjour, you’ll need to install the latest version of iTunes, then uninstall it again, ensuring you ask for Bonjour to be removed during the removal process.
