A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.

Yet again, Apple proves to not have tested their software sufficiently...
o For years and years and years and years (just like Google proved)...

A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed
hackers to install ransomware undetected.
"The ... vulnerability ...is a well-known bug that has previously been
identified by other vendors for more than 15 years."

o APPLE ZERO-DAY EXPLOITED IN NEW BITPAYMER CAMPAIGN
https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign
"we have identified the abuse of an Apple zero-day vulnerability in the
Apple Software Update utility that comes packaged with iTunes for Windows.
The Windows exploit is important to note given Apple is sunsetting iTunes
for Macs with the release of macOS Catalina this week, while Windows users
will still need to rely on iTunes for the foreseeable future."

"In most cases, people are not aware that they need to uninstall the
Apple Software Update component separately when uninstalling iTunes.
Because of this, machines are left with the updater task installed and
working. We were surprised by the results of an investigation that showed
Apple Software Update is installed on a large number of computers across
different enterprises. Many of the computers uninstalled iTunes years ago
while the Apple Software Update component remains silently, un-updated, and
still working in the background. Following this discovery, we identified
the attack surface and the motivation of the attacker to choose this
process for evasion."

In article , Arlen _G_ Holder
wrote:

Yet again, Google proves to not have tested their software sufficiently...

ftfy

https://www.theverge.com/2019/10/4/2...ity-vulnerabil
ity-project-zero-pixel-galaxy-huawei-xiaomi
Security researchers with Google¹s Project Zero team have disclosed
an Android vulnerability that appears to have been exploited in the
real world, ZDNet reports. The issue affects phones manufactured by
Samsung, including the Galaxy S7, S8, and S9, as well as the Huawei
P20, Pixel 1, and Pixel.

On Fri, 11 Oct 2019 12:31:34 -0400, nospam wrote:

Security researchers with Google¹s Project Zero team have disclosed
an Android vulnerability

Hi nospam,

Have you _ever_ posted a purposefully helpful post, in your life, nospam?
o Not even once?

You _always_ easily prove to own the 7 basic habits of Apple apologists
o Here https://groups.google.com/d/msg/misc.phone.mobile.iphone/18ARDsEOPzM/veU8FwAjBQAJ

A basic habit is to brazenly deflect facts which conflict with marketing messages
o By blaming everyone but Apple - for Apple's lack of QA testing & security flaws

Facts on iOS & Android security/vulnerabilities are covered in gory detail
o Here https://groups.google.com/d/msg/misc.phone.mobile.iphone/MiZixhidmOs/ATC1S3s4FQAJ

Back to the purposefully factual on-topic conversation on the potluck...
o Here are some pragmatic hints for Windows users to protect themselves

"Since the vulnerability was in the Bonjour component that iCloud and
iTunes for window rely on, itÿs possible that some users are still at risk
because Bonjour is not automatically removed after installation. Bonjour
needs to be uninstalled separately. PC users should ensure that theyÿve
updated to the latest versions of iCloud and iTunes to avoid any issues.
Mac users have not been impacted by this vulnerability."

See also 9to5Mac:
o Vulnerability in iTunes and iCloud allowed Windows PC ransomware infection
https://9to5mac.com/2019/10/11/vulnerability-in-itunes/
"A zero-day vulnerability in iTunes and iCloud apps on Windows PCs
enabled attackers to install ransomware without triggering antivirus
protections. "

There's a reason I've been logically assessing iTunes as an abomination,
for years, nospam, particularly the atrociously coded installer program...
"If youÿve ever run iTunes on your PC, even if you later removed it, you
could still be at risk. Thatÿs because the iTunes uninstaller doesnÿt
automatically remove Bonjour."

As most people know, the iTunes abomination is deprecated by Apple:
"Macs are not affected, no matter which version of macOS you are
running. Additionally, macOS Catalina replaces iTunes with a brand new
Music app."

For more information on replacing the iTunes abomination, see:
o What functionality does iTunes do for you that you'll need to replicate without iTunes?
https://groups.google.com/d/msg/misc.phone.mobile.iphone/v2jT-sWIKR0/gA45WfO6AAAJ

--
Bringing TRUTH to the Apple newsgroups... one fact at a time.

On Fri, 11 Oct 2019 13:13:22 -0700, Alan Baker wrote:

misc.phone.mobile.iphone needs to know about it?

comp.sys.mac.system needs to know?

alt.comp.freeware?

Hi Alan Baker,
Why don't you apologists understand things Apple didn't feed you?
o The iTunes freeware, on all platforms, is an abomination.

I've been proving, for years, iTunes freeware is an abomination
o It doesn't even matter the platform

The fact is that the iTunes freeware is called an abomination
o For very good factual reasons, Alan Baker.

Even Apple knows this - which is why they deprecated the abomination.

You apologists have apologized for the iTunes abomination since the start
o You apologized for it wiping out all our MP3 audio files
o You apologized for its idiotic installer
o You apologized for it being the canonical example of bloatware
o You apologized for it requiring the installation of Quicktime
o You apologized for its requirement of Bonjour
etc.

Each of these examples, I can find a reference backing up my claims
o Where you apologists have been making excuses for the abomination

All you apologists ever do - is make excuses for the iTunes abomination
o Where even Apple doesn't even want us to use it anymore

iTunes is that much of an abomination, even Apple dropped it.

I've been proving that it's an abomination for years, Alan Baker
o On all the common consumer platforms I own

The only ones who don't know iTunes is an abomination
o Are you apologists

Why?
o I don't know why.

I think it's perhaps you only know what Apple marketing feeds you.

For example, not only should Windows users wipe the iTunes abomination off
their system, but there's NOTHING that the iTunes abomination does (AFAIK),
that Windows users can't do WITHOUT the iTunes abomination, Alan Baker.

If you (or any of the apologists) think there's something functional
the iTunes abomination does on Windows that the Windows users can't get
with other freeware, just let us know.

I have plenty of iPods and iOS devices to test on Windows, Alan.
o I've been proving the iTunes abomination is an abomination for a reason.

--
Bringing adult logical thought processes to the Apple newsgroups.

Arlen _G_ Holder wrote:
On Fri, 11 Oct 2019 13:13:22 -0700, Alan Baker wrote:

misc.phone.mobile.iphone needs to know about it?

comp.sys.mac.system needs to know?

alt.comp.freeware?

Hi Alan Baker,
Why don't you apologists understand things Apple didn't feed you?
o The iTunes freeware, on all platforms, is an abomination.

I've been proving, for years, iTunes freeware is an abomination
o It doesn't even matter the platform

The fact is that the iTunes freeware is called an abomination
o For very good factual reasons, Alan Baker.

Even Apple knows this - which is why they deprecated the abomination.

You apologists have apologized for the iTunes abomination since the start
o You apologized for it wiping out all our MP3 audio files
o You apologized for its idiotic installer
o You apologized for it being the canonical example of bloatware
o You apologized for it requiring the installation of Quicktime
o You apologized for its requirement of Bonjour
etc.

Each of these examples, I can find a reference backing up my claims
o Where you apologists have been making excuses for the abomination

All you apologists ever do - is make excuses for the iTunes abomination
o Where even Apple doesn't even want us to use it anymore

iTunes is that much of an abomination, even Apple dropped it.

I've been proving that it's an abomination for years, Alan Baker
o On all the common consumer platforms I own

The only ones who don't know iTunes is an abomination
o Are you apologists

Why?
o I don't know why.

I think it's perhaps you only know what Apple marketing feeds you.

For example, not only should Windows users wipe the iTunes abomination off
their system, but there's NOTHING that the iTunes abomination does (AFAIK),
that Windows users can't do WITHOUT the iTunes abomination, Alan Baker.

If you (or any of the apologists) think there's something functional
the iTunes abomination does on Windows that the Windows users can't get
with other freeware, just let us know.

I have plenty of iPods and iOS devices to test on Windows, Alan.
o I've been proving the iTunes abomination is an abomination for a reason.

Could you timeline the course of your interaction with iPods and Windows to
determine at about what point you became obsessively unhinged? Was it a
gradual decline or all of a sudden? Kinda weird that software stalking
could be a thing, but here you are.

On Fri, 11 Oct 2019 21:08:54 -0500, *Hemidactylus* wrote:

He has to self-justify his purchases of so many Windows machines on which
he installed iTunes and the abominable Apple Software Update component and
Bonjour snowmen and all the associated iDevices over the years spending
sleepless nights demonstrating their threats to world civilization as we
know it and warning the hapless victims because he is the Savior. Nobody
listened. The threat continued to grow. But nobody listened. He tested,
warned, and tested some more. Nobody listened. He posted links, listed the
enemies of the truth, but nobody ever listened. iTunes is his Manbearpig
and nobody takes him cereal.

Think of his opportunity costs. Such tragic personal sacrifice to no avail.
No fanfare. Just killfiled apathy or or the spectators bemusement that
eventually converges upon Schadenfreude.

Hi Hemidactylus,

If it seems that an adult with mere facts is the opposite of you apologists
o Then you're actually reading these threads correctly (kudos to you).

Here is a mere fact that adults handle differently than do apologists:
o Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks
https://thehackernews.com/2019/10/apple-bonjour-ransomware.html

How do you apologists handle a mere fact such as that fact?

Well .. thank you for proving yet another common habit of the Apologists.
o The Apologists have absolutely no adult response to mere facts

Such as this mere fact:
o A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed
hackers to install ransomware undetected.

Most adults deal with mere facts by doing two simple things
a. They comprehend the mere fact
b. They form adult belief systems based on those mere facts

But not the child-like Apple Apologists.

The child-like Apologists instantly react to facts, with hateful vitriol.
o All aimed, literally, at the mere bearer of those adult facts

Why?
o I don't know why.

I think facts instantly DESTROY the wholly imaginary belief system
carefully built up by (admittedly clever) Apple Marketing.

Mere facts literally _scare_ the Apple apologists!

They act just like a fifth grader might when told Santa Claus isn't real.
o Apologists instantly and viciously attack the mere bearer of facts

It's one of the basic 7 habits all apologists have - in reaction to facts.
o What are the common well-verified psychological traits of the Apple Apologists on this newsgroup?
https://groups.google.com/d/msg/misc.phone.mobile.iphone/18ARDsEOPzM/veU8FwAjBQAJ

Back on topic, those child-like apologists, like Joerg Lorenz, will
appreciate that even his vaunted belief only in facts reported in the
German media can be trusted, are he
o English:
https://borncity.com/win/2019/10/11/itunes-and-icloud-for-windows-vulnerability-is-exploited/
o German
https://www.borncity.com/blog/2019/10/11/itunes-und-icloud-for-windows-schwachstelle-wird-ausgenutzt/
"The vulnerable component is the Bonjour updater, a configuration-free
implementation of the network communication protocol that works in the
background and automates various low-level network tasks. This includes
automatically downloading updates for Apple software.

Since the Bonjour updater is installed as a separate program on the system,
Bonjour is not removed when iTunes and iCloud are uninstalled. Therefore,
this Bonjour updater is present on many Windows computers and has not been
updated after uninstalling iTunes or iCloud, but runs in the background."

--
Bringing TRUTH & LOGIC to the Apple newsgroups; one mere fact at a time.

On Fri, 11 Oct 2019 12:31:34 -0400, nospam
wrote:

In article , Arlen _G_ Holder
wrote:

Yet again, Google proves to not have tested their software sufficiently...

ftfy

https://www.theverge.com/2019/10/4/20898460/android-security-vulnerability-project-zero-pixel-galaxy-huawei-xiaomi
Security researchers with Google¹s Project Zero team have disclosed
an Android vulnerability that appears to have been exploited in the
real world, ZDNet reports. The issue affects phones manufactured by
Samsung, including the Galaxy S7, S8, and S9, as well as the Huawei
P20, Pixel 1, and Pixel.

Thanks. My maid uses a cellphone with Android. I'll pass it on
to her.
PS OT in alt.comp.freeware. Please check
troll-header-follow-ups before replying. OT up.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

In article , Frank Slootweg
wrote:



Why is posting about a zero day Android vulnerability less helpful,
"Arlen"?

I'm the last person to 'defend' 'Arlen' and it *is* Arlen's typical MO
to troll about anything Apple.

But in *this* case, it *is* about Apple software on Windows and he
posted only to related groups, i.e. no trolling by crossposting to (for
example) comp.mobile.android.

So in *this* case, nospam's response was irrelevant/off-topic and
hence a troll in itself.

misc.phone.mobile.iphone needs to know about it?

Yes, because you need iTunes to connect/use an iPhone with
(MS-)Windows.

nope. itunes is *not* required to use an iphone or any other ios device
on windows or macos.

ios devices can be used standalone, without any other computer at all.

itunes does offer additional functionality, but using it is *optional*.

comp.sys.mac.system needs to know?

Yes:

"The Windows exploit is important to note given Apple is sunsetting
iTunes for Macs with the release of macOS Catalina this week, while
Windows users will still need to rely on iTunes for the foreseeable
future."

nope. itunes no longer exists in catalina and the exploit doesn't exist
for older versions of macos & itunes.

this issue *only* affects windows, and only those who have installed
itunes (again, it's optional).

alt.comp.freeware?

Of course! *Everything* should be crossposted to alt.comp.freeware!

But seriously, you're right, alt.comp.freeware is one of 'Arlen's
default groups, but it's irrelevant to the topic at hand.

as it is for everything other than windows related newsgroups.

if he wanted to be helpful rather than troll, he would have included
the win7 newsgroup.

On Sat, 12 Oct 2019 11:03:36 -0400, nospam wrote:

itunes does offer additional functionality, but using it is *optional*.

Hi nospam,

Thank you, yet again, for proving the point about you Apologists.

One the one hand, you _insist_ iTunes is used for certain iOS IPA backups
o And now, when it suits your purposes, all of a sudden, it's "optional".

There are so many instances, the intelligent reader will understand when I
simply summarize this one sentence from nospam, before going into detail:
o nospam
https://groups.google.com/d/msg/misc.phone.mobile.iphone/IeOlsAV4VCU/ceHmbY08M0EJ
"what you can do is sync the ios device with your computer which copies
the apps to it and then sync the other ios devices, choosing which apps
to install (they don't have to be the same) but you refuse to use
itunes so that option is out."

As for iTunes being "optional", notice what nospam said in that thread:
o nospam
"use itunes so none of this nonsense is needed."

The fact is, when it suits nospam's purposes, his answer is "iTunes"...

Here, for example, on January 15th, nospam tells badgolferman to use itunes
https://groups.google.com/d/msg/misc.phone.mobile.iphone/MiZixhidmOs/22mB1uHCFQAJ

o badgolferman to nospam:
"Please explain. iTunes has removed app management capability. I used to
be able to do that with iTunes but no more"
o nospam to badgolferman:
"there's a separate fork of itunes that retains that ability"
o badgolferman to nospam:
"Where does one find this separate fork of iTunes?"
o nospam to badgolferman:
"https://support.apple.com/en-us/HT208079
If you've already installed a newer version of iTunes, you
can download this version of iTunes for your Mac, PC (32-bit), or
PC (64-bit) and run the installer. After installation is complete,
you can continue to deploy apps with iTunes."
NOTE: nospam's only 'other' option is for badgolferman to be a 'developer'.

Here's another (there are plenty)...about a year ago, Oct. 18, 2018
https://groups.google.com/d/msg/misc.phone.mobile.iphone/56nEgAZIjGk/QoMXl4TFBAAJ
o Ant to nospam:
"Does iTunes' backups and sync keep copies of these old installed apps? If
"so, then how do I restore that single app (not the whole iPhone!)?
o nospam to Ant
"if you kept an older copy, you can sync it to the phone"
o JF Mezei to Ant
"https://support.apple.com/en-ph/HT201593
If you made a backup of it using old iTunes, you can find that file and
manually move it to your iPhone."
o nospam to JF Mezei & Ant
"itunes used to sync apps downloaded on a device, but with app thinning,
it no longer does that. in its place, itunes can automatically download
apps on its own that are downloaded on a device, without the sync."
o Lewis to Ant
"If you want the CURRENT versions of all your apps, install iTunes"
etc.

And another (as I said, there are plenty), on July 21, 2018
https://groups.google.com/d/msg/comp.mobile.ipad/Tufx3qIBZBw/TDZQfsILCAAJ
o Wade Garrett to group:
" how can I get a copy onto my iPad Mini?"
o nospam to Wade Garrett:
"it would also be available in an itunes backup."
"anyone who claims it can't be done is ignorant or trolling"
o Jolly Roger to Wade Garrett:
"You can install and use iTunes version 12.6.4 to download iOS apps from
the App Store to your computer, and sync them with an iOS device you
want: https://support.apple.com/en-us/HT208079
I keep a macOS install with this version of iTunes in a VMware Fusion VM
for app archival purposes. I have ever version of every app installed on
all of my iOS devices archived going back a few years."
o Jolly Roger to Wade Garrett:
"Here's a crash course in grabbing anything you want out of iTunes
backups: If you open iTunes Preferences Devices, you can right-click any
of the backups listed there and choose Show in Finder to open a window
showing the backup folder to figure out which folder corresponds to the
backup you want. "
o Jolly Roger to Wade Garrett
"Install it on another machine that you aren't using for iTunes. Or hold
down Option while launching iTunes and create a new alternate library
just for this version."
etc.



For more, see also:
o Why do the Apple Apologists constantly send poor unsuspecting iOS users on wild goose chases?
https://groups.google.com/d/msg/misc.phone.mobile.iphone/ynh0PE9lK_I/QOiGP4_SFQAJ

--
Bringing adult thought processes to Apple ng's; one fact at a time.

On 10/11/2019 11:35 AM, Frank Slootweg wrote:

snip

So in *this* case, nospam's response was irrelevant/off-topic and
hence a troll in itself.

With proper filters, there can be an long thread between multiple trolls
without you ever seeing any of the posts, and you can miss the rare
instance where at least one of them posts something interesting,
relevant, coherent, and accurate.

Going back to Google Groups to read this thread, indeed you are correct.
"Arlen Holder" has posted something interesting, relevant, coherent, and
accurate.

It will be interesting to see the future of iTunes for Windows. Using an
iPhone with Windows, iTunes is required for transferring content between
a computer and the iPhone. Apple doesn't want to lose iPhone owners that
use Windows, which is the vast majority of iPhone owners.

The most likely scenario is that they'll retire iTunes for Windows and
come up with a Windows suite containing Apple Music, Apple TV, Apple
Podcasts, and Apple Books, and syncing capability, which does
essentially the same thing as iTunes does now, but in a new wrapper.

On Oct 14, 2019, sms wrote
(in article ):

On 10/11/2019 11:35 AM, Frank Slootweg wrote:

snip

So in *this* case, nospam's response was irrelevant/off-topic and
hence a troll in itself.

With proper filters, there can be an long thread between multiple trolls
without you ever seeing any of the posts, and you can miss the rare
instance where at least one of them posts something interesting,
relevant, coherent, and accurate.

The only time I ever see any of “Arlen Holder’s� psychotic musings
these days is whenever others reflexively respond to him.


Going back to Google Groups to read this thread, indeed you are correct.
"Arlen Holder" has posted something interesting, relevant, coherent, and
accurate.

The sublime quality of his obsession makes all of his posts irrelevant,
incoherent, uninteresting (to other than mental health professionals), and
astonishingly inaccurate.The result is, I care not a whit what he rants
about, and wish that others would restrain themselves from responding to him.

....especially in any of the Apple NGs, or r.p.d.

--
Regards,
Savageduck

sms wrote:
On 10/11/2019 11:35 AM, Frank Slootweg wrote:

snip

So in *this* case, nospam's response was irrelevant/off-topic and
hence a troll in itself.

With proper filters, there can be an long thread between multiple trolls
without you ever seeing any of the posts, and you can miss the rare
instance where at least one of them posts something interesting,
relevant, coherent, and accurate.

Going back to Google Groups to read this thread, indeed you are correct.
"Arlen Holder" has posted something interesting, relevant, coherent, and
accurate.

FWIW, in my newsreader ('tin'), I can see killfiled articles if and
when I want to. They're just not shown in the normal view(s). But for
example with 'l' I can list the 'tree' of a/the thread and that will
list all articles in the thread, including killed ones and I can then
open/view any article I want. Likewise if I am viewing an article which
is apparently a response to a killed article, I can view the killed
article with 'u' (up the thread, show paarent of current article). So I
do not have to resort to things like Google Groups.

It will be interesting to see the future of iTunes for Windows. Using an
iPhone with Windows, iTunes is required for transferring content between
a computer and the iPhone. Apple doesn't want to lose iPhone owners that
use Windows, which is the vast majority of iPhone owners.

The most likely scenario is that they'll retire iTunes for Windows and
come up with a Windows suite containing Apple Music, Apple TV, Apple
Podcasts, and Apple Books, and syncing capability, which does
essentially the same thing as iTunes does now, but in a new wrapper.

Well, sofar Apple has done a great job of alienating their customers
with Windows computers, so I'm not holding my breath. But one can always
hope, can't one!? :-)

In message sms wrote:
iTunes is required for transferring content between a computer and the
iPhone.

False.

--
This man was clearly mad, but at the heart of his madness was a cold,
dreadful sanity, a core of pure interstellar ice in the centre of the
furnace. She'd thought him weak under a thin shell of strength, but it
went a lot further than that. Somewhere deep inside his mind, somewhere
beyond the event horizon of rationality, the sheer pressure of insanity
had hammered his madness into something harder than diamond. --Wyrd
Sisters

In article , sms
wrote:

It will be interesting to see the future of iTunes for Windows. Using an
iPhone with Windows, iTunes is required for transferring content between
a computer and the iPhone.

absolutely false.

On 10/14/2019 8:54 AM, Frank Slootweg wrote:

snip

Well, sofar Apple has done a great job of alienating their customers
with Windows computers, so I'm not holding my breath. But one can always
hope, can't one!? :-)

I don't agree with that premise at all.

In fact I'd say that if anything they've alienated customers more with Macs.

Dell, Lenovo, and HP are all growing their PC market share while Apple's
market share is falling
https://www.macrumors.com/2019/10/10/mac-shipments-q3-2019-gartner/.

Catalyst may portend a new era for Macs. Once you port iOS apps to OS-X
then a Macbook with Apple Pencil support makes perfect sense. This would
be an answer to the the Microsoft Surface Pro and all the other Windows
laptops with touch screens and active stylus support. Apple has been
adamant that a touch-screen Macbook makes no sense, but they can now
legitimately claim that a Macbook with Apple Pencil support makes
perfect sense.