The hackers behind the BitPaymer ransomware exploited a dangerous vulnerability in iTunes and iCloud for Windows computers. Security company Morphisec discovered the vulnerability in August. Apple has since fixed it with an update, but some computers are still at risk.
The BitPaymer ransomware first appeared in the summer of 2017. It encrypted files on the affected computer and then demanded money from users who wanted their files back.
The security company discovered that the ransomware used a zero-day vulnerability in iTunes and iCloud. A zero-day vulnerability is very dangerous because the manufacturer does not know it exists, so hackers have free rein. That was also the case with this Apple software.
The vulnerability was in Bonjour, the program that ensures iTunes and iCloud are updated on Windows PCs. When users remove iTunes from their PC, Bonjour is left behind and must then be removed separately.
Users often do not realize this, which is why many systems are still vulnerable even if they no longer have iTunes installed. Users are advised to uninstall and reinstall the program so that they have the latest version, which includes the update.
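
One way to check a Windows machine for the leftover Bonjour situation described above, as an added PowerShell example that is not from the original article, Apple or Morphisec. It assumes installed programs are listed in the standard per-machine uninstall registry keys under display names starting with Bonjour, iTunes or iCloud.

```powershell
# Added example: report whether Bonjour is still installed and whether
# iTunes or iCloud is present next to it.
# Assumption: programs register under the standard per-machine uninstall keys
# (64-bit and 32-bit views). Microsoft Store apps are not listed there.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: DisplayName values start with "Bonjour", "iTunes" or "iCloud".
# Entries without a DisplayName do not match and are skipped.
$apple = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Bonjour|iTunes|iCloud)' } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString

$bonjour = @($apple | Where-Object { $_.DisplayName -like 'Bonjour*' })
$parents = @($apple | Where-Object { $_.DisplayName -match '^(iTunes|iCloud)' })

if ($bonjour.Count -eq 0) {
    Write-Output 'Bonjour is not installed.'
}
elseif ($parents.Count -eq 0) {
    # The case the article warns about: iTunes/iCloud removed, Bonjour left behind.
    Write-Output 'Bonjour is installed without iTunes or iCloud: remove it separately.'
    $bonjour | Format-Table DisplayName, DisplayVersion, UninstallString -AutoSize
}
else {
    # Bonjour is still in use: check that the listed versions include Apple's update.
    Write-Output 'Bonjour is installed alongside iTunes/iCloud: confirm these are the updated versions.'
    $apple | Format-Table DisplayName, DisplayVersion -AutoSize
}
```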