 |
Windows 10: iTunes and iCloud can infect you with a ransomware, update them! |
A zero-day flaw in iTunes and iCloud applications on Windows 10 allows you to install malware without antivirus protection. This vulnerability is exploited to install a ransomware with the name "BitPaymer" , that encrypts the entire hard disk or SSD victims.
Read More : Vulnerability on a series of D-Link routers allows remote code execution but will not be fixed !!!!
While Mac users are just saying goodbye to iTunes with the arrival of macOS Catalina, the application is still available on Windows 10 and it needs to be updated, just like iCloud .
Apple has indeed corrected a zero-day flaw that was discovered by the security company Morphisec.
The flaw comes from a commonplace error in the HELLO component code that is included in the iTunes and iCloud package.
Apple developers have forgotten to tag the component path in quotation marks. This flaw is known as "unquoted vulnerability path".
In other words, if a program is located in c:\program files\subdirectory1\program.exe,
an attacker could exploit the absence of quotation marks around the path in the code to execute
a malware present in another folder located at a c:\program files\subdirectory1\malware address.
0 Comments