A vulnerability in iCloud and iTunes apps for Windows has allowed attackers to bypass antivirus protection and install ransonmware. Once infected, the hard drive becomes encrypted with a key that only the attacker knows, which gets leveraged as a sort of ransom.
Security firm Morphisec was the first to find the vulnerability. A bug within Apple apps allow attackers to piggyback a malicious app without triggering antivirus actions as it’s signed in and automatically approved.
The vulnerability has been patched with version 7.14 for iCloud and 12.10.1 for iTunes. Update your iTunes and iCloud to the latest version to ensure you’re protected against ransomware attempts. If you’ve used iTunes before, make sure you’ve also uninstalled the Bonjour component.
Mac computers are unaffected. Plus, iTunes has already been replaced by the new Music app. Morphisec reported the issue and disclosed important details to Apple, which led to updates that fixed the security holes.