If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
Yet again, Apple proves to not have tested their software sufficiently...
o For years and years and years and years (just like Google proved)... A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected. "The ... vulnerability ...is a well-known bug that has previously been identified by other vendors for more than 15 years." o APPLE ZERO-DAY EXPLOITED IN NEW BITPAYMER CAMPAIGN https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign "we have identified the abuse of an Apple zero-day vulnerability in the Apple Software Update utility that comes packaged with iTunes for Windows. The Windows exploit is important to note given Apple is sunsetting iTunes for Macs with the release of macOS Catalina this week, while Windows users will still need to rely on iTunes for the foreseeable future." "In most cases, people are not aware that they need to uninstall the Apple Software Update component separately when uninstalling iTunes. Because of this, machines are left with the updater task installed and working. We were surprised by the results of an investigation that showed Apple Software Update is installed on a large number of computers across different enterprises. Many of the computers uninstalled iTunes years ago while the Apple Software Update component remains silently, un-updated, and still working in the background. Following this discovery, we identified the attack surface and the motivation of the attacker to choose this process for evasion." |
Ads |
#2
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
In article , Arlen _G_ Holder
wrote: Yet again, Google proves to not have tested their software sufficiently... ftfy https://www.theverge.com/2019/10/4/2...ity-vulnerabil ity-project-zero-pixel-galaxy-huawei-xiaomi Security researchers with Googlešs Project Zero team have disclosed an Android vulnerability that appears to have been exploited in the real world, ZDNet reports. The issue affects phones manufactured by Samsung, including the Galaxy S7, S8, and S9, as well as the Huawei P20, Pixel 1, and Pixel. |
#3
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
On Fri, 11 Oct 2019 12:31:34 -0400, nospam wrote:
Security researchers with Googlešs Project Zero team have disclosed an Android vulnerability Hi nospam, Have you _ever_ posted a purposefully helpful post, in your life, nospam? o Not even once? You _always_ easily prove to own the 7 basic habits of Apple apologists o Here https://groups.google.com/d/msg/misc.phone.mobile.iphone/18ARDsEOPzM/veU8FwAjBQAJ A basic habit is to brazenly deflect facts which conflict with marketing messages o By blaming everyone but Apple - for Apple's lack of QA testing & security flaws Facts on iOS & Android security/vulnerabilities are covered in gory detail o Here https://groups.google.com/d/msg/misc.phone.mobile.iphone/MiZixhidmOs/ATC1S3s4FQAJ Back to the purposefully factual on-topic conversation on the potluck... o Here are some pragmatic hints for Windows users to protect themselves "Since the vulnerability was in the Bonjour component that iCloud and iTunes for window rely on, it˙s possible that some users are still at risk because Bonjour is not automatically removed after installation. Bonjour needs to be uninstalled separately. PC users should ensure that they˙ve updated to the latest versions of iCloud and iTunes to avoid any issues. Mac users have not been impacted by this vulnerability." See also 9to5Mac: o Vulnerability in iTunes and iCloud allowed Windows PC ransomware infection https://9to5mac.com/2019/10/11/vulnerability-in-itunes/ "A zero-day vulnerability in iTunes and iCloud apps on Windows PCs enabled attackers to install ransomware without triggering antivirus protections. " There's a reason I've been logically assessing iTunes as an abomination, for years, nospam, particularly the atrociously coded installer program... "If you˙ve ever run iTunes on your PC, even if you later removed it, you could still be at risk. That˙s because the iTunes uninstaller doesn˙t automatically remove Bonjour." As most people know, the iTunes abomination is deprecated by Apple: "Macs are not affected, no matter which version of macOS you are running. Additionally, macOS Catalina replaces iTunes with a brand new Music app." For more information on replacing the iTunes abomination, see: o What functionality does iTunes do for you that you'll need to replicate without iTunes? https://groups.google.com/d/msg/misc.phone.mobile.iphone/v2jT-sWIKR0/gA45WfO6AAAJ -- Bringing TRUTH to the Apple newsgroups... one fact at a time. |
#4
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
On Fri, 11 Oct 2019 13:13:22 -0700, Alan Baker wrote:
misc.phone.mobile.iphone needs to know about it? comp.sys.mac.system needs to know? alt.comp.freeware? Hi Alan Baker, Why don't you apologists understand things Apple didn't feed you? o The iTunes freeware, on all platforms, is an abomination. I've been proving, for years, iTunes freeware is an abomination o It doesn't even matter the platform The fact is that the iTunes freeware is called an abomination o For very good factual reasons, Alan Baker. Even Apple knows this - which is why they deprecated the abomination. You apologists have apologized for the iTunes abomination since the start o You apologized for it wiping out all our MP3 audio files o You apologized for its idiotic installer o You apologized for it being the canonical example of bloatware o You apologized for it requiring the installation of Quicktime o You apologized for its requirement of Bonjour etc. Each of these examples, I can find a reference backing up my claims o Where you apologists have been making excuses for the abomination All you apologists ever do - is make excuses for the iTunes abomination o Where even Apple doesn't even want us to use it anymore iTunes is that much of an abomination, even Apple dropped it. I've been proving that it's an abomination for years, Alan Baker o On all the common consumer platforms I own The only ones who don't know iTunes is an abomination o Are you apologists Why? o I don't know why. I think it's perhaps you only know what Apple marketing feeds you. For example, not only should Windows users wipe the iTunes abomination off their system, but there's NOTHING that the iTunes abomination does (AFAIK), that Windows users can't do WITHOUT the iTunes abomination, Alan Baker. If you (or any of the apologists) think there's something functional the iTunes abomination does on Windows that the Windows users can't get with other freeware, just let us know. I have plenty of iPods and iOS devices to test on Windows, Alan. o I've been proving the iTunes abomination is an abomination for a reason. -- Bringing adult logical thought processes to the Apple newsgroups. |
#5
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on WindowsPCs allowed hackers to install ransomware undetected.
Arlen _G_ Holder wrote:
On Fri, 11 Oct 2019 13:13:22 -0700, Alan Baker wrote: misc.phone.mobile.iphone needs to know about it? comp.sys.mac.system needs to know? alt.comp.freeware? Hi Alan Baker, Why don't you apologists understand things Apple didn't feed you? o The iTunes freeware, on all platforms, is an abomination. I've been proving, for years, iTunes freeware is an abomination o It doesn't even matter the platform The fact is that the iTunes freeware is called an abomination o For very good factual reasons, Alan Baker. Even Apple knows this - which is why they deprecated the abomination. You apologists have apologized for the iTunes abomination since the start o You apologized for it wiping out all our MP3 audio files o You apologized for its idiotic installer o You apologized for it being the canonical example of bloatware o You apologized for it requiring the installation of Quicktime o You apologized for its requirement of Bonjour etc. Each of these examples, I can find a reference backing up my claims o Where you apologists have been making excuses for the abomination All you apologists ever do - is make excuses for the iTunes abomination o Where even Apple doesn't even want us to use it anymore iTunes is that much of an abomination, even Apple dropped it. I've been proving that it's an abomination for years, Alan Baker o On all the common consumer platforms I own The only ones who don't know iTunes is an abomination o Are you apologists Why? o I don't know why. I think it's perhaps you only know what Apple marketing feeds you. For example, not only should Windows users wipe the iTunes abomination off their system, but there's NOTHING that the iTunes abomination does (AFAIK), that Windows users can't do WITHOUT the iTunes abomination, Alan Baker. If you (or any of the apologists) think there's something functional the iTunes abomination does on Windows that the Windows users can't get with other freeware, just let us know. I have plenty of iPods and iOS devices to test on Windows, Alan. o I've been proving the iTunes abomination is an abomination for a reason. Could you timeline the course of your interaction with iPods and Windows to determine at about what point you became obsessively unhinged? Was it a gradual decline or all of a sudden? Kinda weird that software stalking could be a thing, but here you are. |
#6
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
On Fri, 11 Oct 2019 21:08:54 -0500, *Hemidactylus* wrote:
He has to self-justify his purchases of so many Windows machines on which he installed iTunes and the abominable Apple Software Update component and Bonjour snowmen and all the associated iDevices over the years spending sleepless nights demonstrating their threats to world civilization as we know it and warning the hapless victims because he is the Savior. Nobody listened. The threat continued to grow. But nobody listened. He tested, warned, and tested some more. Nobody listened. He posted links, listed the enemies of the truth, but nobody ever listened. iTunes is his Manbearpig and nobody takes him cereal. Think of his opportunity costs. Such tragic personal sacrifice to no avail. No fanfare. Just killfiled apathy or or the spectators bemusement that eventually converges upon Schadenfreude. Hi Hemidactylus, If it seems that an adult with mere facts is the opposite of you apologists o Then you're actually reading these threads correctly (kudos to you). Here is a mere fact that adults handle differently than do apologists: o Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks https://thehackernews.com/2019/10/apple-bonjour-ransomware.html How do you apologists handle a mere fact such as that fact? Well .. thank you for proving yet another common habit of the Apologists. o The Apologists have absolutely no adult response to mere facts Such as this mere fact: o A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected. Most adults deal with mere facts by doing two simple things a. They comprehend the mere fact b. They form adult belief systems based on those mere facts But not the child-like Apple Apologists. The child-like Apologists instantly react to facts, with hateful vitriol. o All aimed, literally, at the mere bearer of those adult facts Why? o I don't know why. I think facts instantly DESTROY the wholly imaginary belief system carefully built up by (admittedly clever) Apple Marketing. Mere facts literally _scare_ the Apple apologists! They act just like a fifth grader might when told Santa Claus isn't real. o Apologists instantly and viciously attack the mere bearer of facts It's one of the basic 7 habits all apologists have - in reaction to facts. o What are the common well-verified psychological traits of the Apple Apologists on this newsgroup? https://groups.google.com/d/msg/misc.phone.mobile.iphone/18ARDsEOPzM/veU8FwAjBQAJ Back on topic, those child-like apologists, like Joerg Lorenz, will appreciate that even his vaunted belief only in facts reported in the German media can be trusted, are he o English: https://borncity.com/win/2019/10/11/itunes-and-icloud-for-windows-vulnerability-is-exploited/ o German https://www.borncity.com/blog/2019/10/11/itunes-und-icloud-for-windows-schwachstelle-wird-ausgenutzt/ "The vulnerable component is the Bonjour updater, a configuration-free implementation of the network communication protocol that works in the background and automates various low-level network tasks. This includes automatically downloading updates for Apple software. Since the Bonjour updater is installed as a separate program on the system, Bonjour is not removed when iTunes and iCloud are uninstalled. Therefore, this Bonjour updater is present on many Windows computers and has not been updated after uninstalling iTunes or iCloud, but runs in the background." -- Bringing TRUTH & LOGIC to the Apple newsgroups; one mere fact at a time. |
#7
|
|||
|
|||
[OT]A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
On Fri, 11 Oct 2019 12:31:34 -0400, nospam
wrote: In article , Arlen _G_ Holder wrote: Yet again, Google proves to not have tested their software sufficiently... ftfy https://www.theverge.com/2019/10/4/20898460/android-security-vulnerability-project-zero-pixel-galaxy-huawei-xiaomi Security researchers with Googlešs Project Zero team have disclosed an Android vulnerability that appears to have been exploited in the real world, ZDNet reports. The issue affects phones manufactured by Samsung, including the Galaxy S7, S8, and S9, as well as the Huawei P20, Pixel 1, and Pixel. Thanks. My maid uses a cellphone with Android. I'll pass it on to her. PS OT in alt.comp.freeware. Please check troll-header-follow-ups before replying. OT up. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#8
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
In article , Frank Slootweg
wrote: Why is posting about a zero day Android vulnerability less helpful, "Arlen"? I'm the last person to 'defend' 'Arlen' and it *is* Arlen's typical MO to troll about anything Apple. But in *this* case, it *is* about Apple software on Windows and he posted only to related groups, i.e. no trolling by crossposting to (for example) comp.mobile.android. So in *this* case, nospam's response was irrelevant/off-topic and hence a troll in itself. misc.phone.mobile.iphone needs to know about it? Yes, because you need iTunes to connect/use an iPhone with (MS-)Windows. nope. itunes is *not* required to use an iphone or any other ios device on windows or macos. ios devices can be used standalone, without any other computer at all. itunes does offer additional functionality, but using it is *optional*. comp.sys.mac.system needs to know? Yes: "The Windows exploit is important to note given Apple is sunsetting iTunes for Macs with the release of macOS Catalina this week, while Windows users will still need to rely on iTunes for the foreseeable future." nope. itunes no longer exists in catalina and the exploit doesn't exist for older versions of macos & itunes. this issue *only* affects windows, and only those who have installed itunes (again, it's optional). alt.comp.freeware? Of course! *Everything* should be crossposted to alt.comp.freeware! But seriously, you're right, alt.comp.freeware is one of 'Arlen's default groups, but it's irrelevant to the topic at hand. as it is for everything other than windows related newsgroups. if he wanted to be helpful rather than troll, he would have included the win7 newsgroup. |
#9
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
On Sat, 12 Oct 2019 11:03:36 -0400, nospam wrote:
itunes does offer additional functionality, but using it is *optional*. Hi nospam, Thank you, yet again, for proving the point about you Apologists. One the one hand, you _insist_ iTunes is used for certain iOS IPA backups o And now, when it suits your purposes, all of a sudden, it's "optional". There are so many instances, the intelligent reader will understand when I simply summarize this one sentence from nospam, before going into detail: o nospam https://groups.google.com/d/msg/misc.phone.mobile.iphone/IeOlsAV4VCU/ceHmbY08M0EJ "what you can do is sync the ios device with your computer which copies the apps to it and then sync the other ios devices, choosing which apps to install (they don't have to be the same) but you refuse to use itunes so that option is out." As for iTunes being "optional", notice what nospam said in that thread: o nospam "use itunes so none of this nonsense is needed." The fact is, when it suits nospam's purposes, his answer is "iTunes"... Here, for example, on January 15th, nospam tells badgolferman to use itunes https://groups.google.com/d/msg/misc.phone.mobile.iphone/MiZixhidmOs/22mB1uHCFQAJ o badgolferman to nospam: "Please explain. iTunes has removed app management capability. I used to be able to do that with iTunes but no more" o nospam to badgolferman: "there's a separate fork of itunes that retains that ability" o badgolferman to nospam: "Where does one find this separate fork of iTunes?" o nospam to badgolferman: "https://support.apple.com/en-us/HT208079 If you've already installed a newer version of iTunes, you can download this version of iTunes for your Mac, PC (32-bit), or PC (64-bit) and run the installer. After installation is complete, you can continue to deploy apps with iTunes." NOTE: nospam's only 'other' option is for badgolferman to be a 'developer'. Here's another (there are plenty)...about a year ago, Oct. 18, 2018 https://groups.google.com/d/msg/misc.phone.mobile.iphone/56nEgAZIjGk/QoMXl4TFBAAJ o Ant to nospam: "Does iTunes' backups and sync keep copies of these old installed apps? If "so, then how do I restore that single app (not the whole iPhone!)? o nospam to Ant "if you kept an older copy, you can sync it to the phone" o JF Mezei to Ant "https://support.apple.com/en-ph/HT201593 If you made a backup of it using old iTunes, you can find that file and manually move it to your iPhone." o nospam to JF Mezei & Ant "itunes used to sync apps downloaded on a device, but with app thinning, it no longer does that. in its place, itunes can automatically download apps on its own that are downloaded on a device, without the sync." o Lewis to Ant "If you want the CURRENT versions of all your apps, install iTunes" etc. And another (as I said, there are plenty), on July 21, 2018 https://groups.google.com/d/msg/comp.mobile.ipad/Tufx3qIBZBw/TDZQfsILCAAJ o Wade Garrett to group: " how can I get a copy onto my iPad Mini?" o nospam to Wade Garrett: "it would also be available in an itunes backup." "anyone who claims it can't be done is ignorant or trolling" o Jolly Roger to Wade Garrett: "You can install and use iTunes version 12.6.4 to download iOS apps from the App Store to your computer, and sync them with an iOS device you want: https://support.apple.com/en-us/HT208079 I keep a macOS install with this version of iTunes in a VMware Fusion VM for app archival purposes. I have ever version of every app installed on all of my iOS devices archived going back a few years." o Jolly Roger to Wade Garrett: "Here's a crash course in grabbing anything you want out of iTunes backups: If you open iTunes Preferences Devices, you can right-click any of the backups listed there and choose Show in Finder to open a window showing the backup folder to figure out which folder corresponds to the backup you want. " o Jolly Roger to Wade Garrett "Install it on another machine that you aren't using for iTunes. Or hold down Option while launching iTunes and create a new alternate library just for this version." etc. For more, see also: o Why do the Apple Apologists constantly send poor unsuspecting iOS users on wild goose chases? https://groups.google.com/d/msg/misc.phone.mobile.iphone/ynh0PE9lK_I/QOiGP4_SFQAJ -- Bringing adult thought processes to Apple ng's; one fact at a time. |
#10
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCsallowed hackers to install ransomware undetected.
On 10/11/2019 11:35 AM, Frank Slootweg wrote:
snip So in *this* case, nospam's response was irrelevant/off-topic and hence a troll in itself. With proper filters, there can be an long thread between multiple trolls without you ever seeing any of the posts, and you can miss the rare instance where at least one of them posts something interesting, relevant, coherent, and accurate. Going back to Google Groups to read this thread, indeed you are correct. "Arlen Holder" has posted something interesting, relevant, coherent, and accurate. It will be interesting to see the future of iTunes for Windows. Using an iPhone with Windows, iTunes is required for transferring content between a computer and the iPhone. Apple doesn't want to lose iPhone owners that use Windows, which is the vast majority of iPhone owners. The most likely scenario is that they'll retire iTunes for Windows and come up with a Windows suite containing Apple Music, Apple TV, Apple Podcasts, and Apple Books, and syncing capability, which does essentially the same thing as iTunes does now, but in a new wrapper. |
#11
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
On Oct 14, 2019, sms wrote
(in article ): On 10/11/2019 11:35 AM, Frank Slootweg wrote: snip So in *this* case, nospam's response was irrelevant/off-topic and hence a troll in itself. With proper filters, there can be an long thread between multiple trolls without you ever seeing any of the posts, and you can miss the rare instance where at least one of them posts something interesting, relevant, coherent, and accurate. The only time I ever see any of âArlen Holderâsâ psychotic musings these days is whenever others reflexively respond to him. Going back to Google Groups to read this thread, indeed you are correct. "Arlen Holder" has posted something interesting, relevant, coherent, and accurate. The sublime quality of his obsession makes all of his posts irrelevant, incoherent, uninteresting (to other than mental health professionals), and astonishingly inaccurate.The result is, I care not a whit what he rants about, and wish that others would restrain themselves from responding to him. ....especially in any of the Apple NGs, or r.p.d. -- Regards, Savageduck |
#12
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
sms wrote:
On 10/11/2019 11:35 AM, Frank Slootweg wrote: snip So in *this* case, nospam's response was irrelevant/off-topic and hence a troll in itself. With proper filters, there can be an long thread between multiple trolls without you ever seeing any of the posts, and you can miss the rare instance where at least one of them posts something interesting, relevant, coherent, and accurate. Going back to Google Groups to read this thread, indeed you are correct. "Arlen Holder" has posted something interesting, relevant, coherent, and accurate. FWIW, in my newsreader ('tin'), I can see killfiled articles if and when I want to. They're just not shown in the normal view(s). But for example with 'l' I can list the 'tree' of a/the thread and that will list all articles in the thread, including killed ones and I can then open/view any article I want. Likewise if I am viewing an article which is apparently a response to a killed article, I can view the killed article with 'u' (up the thread, show paarent of current article). So I do not have to resort to things like Google Groups. It will be interesting to see the future of iTunes for Windows. Using an iPhone with Windows, iTunes is required for transferring content between a computer and the iPhone. Apple doesn't want to lose iPhone owners that use Windows, which is the vast majority of iPhone owners. The most likely scenario is that they'll retire iTunes for Windows and come up with a Windows suite containing Apple Music, Apple TV, Apple Podcasts, and Apple Books, and syncing capability, which does essentially the same thing as iTunes does now, but in a new wrapper. Well, sofar Apple has done a great job of alienating their customers with Windows computers, so I'm not holding my breath. But one can always hope, can't one!? :-) |
#13
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCsallowed hackers to install ransomware undetected.
In message sms wrote:
iTunes is required for transferring content between a computer and the iPhone. False. -- This man was clearly mad, but at the heart of his madness was a cold, dreadful sanity, a core of pure interstellar ice in the centre of the furnace. She'd thought him weak under a thin shell of strength, but it went a lot further than that. Somewhere deep inside his mind, somewhere beyond the event horizon of rationality, the sheer pressure of insanity had hammered his madness into something harder than diamond. --Wyrd Sisters |
#14
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCs allowed hackers to install ransomware undetected.
In article , sms
wrote: It will be interesting to see the future of iTunes for Windows. Using an iPhone with Windows, iTunes is required for transferring content between a computer and the iPhone. absolutely false. |
#15
|
|||
|
|||
A zero-day vulnerability in iCloud and iTunes on Windows PCsallowed hackers to install ransomware undetected.
On 10/14/2019 8:54 AM, Frank Slootweg wrote:
snip Well, sofar Apple has done a great job of alienating their customers with Windows computers, so I'm not holding my breath. But one can always hope, can't one!? :-) I don't agree with that premise at all. In fact I'd say that if anything they've alienated customers more with Macs. Dell, Lenovo, and HP are all growing their PC market share while Apple's market share is falling https://www.macrumors.com/2019/10/10/mac-shipments-q3-2019-gartner/. Catalyst may portend a new era for Macs. Once you port iOS apps to OS-X then a Macbook with Apple Pencil support makes perfect sense. This would be an answer to the the Microsoft Surface Pro and all the other Windows laptops with touch screens and active stylus support. Apple has been adamant that a touch-screen Macbook makes no sense, but they can now legitimately claim that a Macbook with Apple Pencil support makes perfect sense. |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|