Windows Bonjour, iCloud, iTunes & QuickTime Ransomware

Rev. Jan. 2023. Even if you uninstall Apple software for Windows, leftover components may leave you vulnerable to ransomware. It doesn't matter if you uninstall Bonjour, Bonjour Print Services, iCloud, iTunes, and QuickTime. Ransomware can still infect you through older versions of Apple Software Update left behind. You might have no idea that Apple released the first of a series of security updates to plug such holes starting way back in 1999 with iTunes for Windows 12.10.1 and iCloud for Windows 7.14 (Goodin 2019).

Goodin, Dan. 2019. Attackers exploit an iTunes zeroday to install ransomware. Arstechnica.com. October 10.

As of January 2023, the pertinent final security updates for Windows 7 were iTunes v12.10.9 and iCloud 7.21, both issued in September 2020 (Apple 2023).

Apple. 2023. Apple Security Updates. Support.Apple.com/HT201222. A listing of such updates, not download links.

As of January 2023, there are also later updates, at least for iTunes. I haven't found a reference for a later iCloud but the final general version of iTunes is 12.10.11.2 (Apple 2023).

Apple. 2023. Downloads [of iTunes]. Support.Apple.com/downloads/itunes. Includes links to iTunes 12.10.11 for Windows 32 bit and 64 bit.

The iTunes updates break QuickTime. The final iTunes security update 12.10.9 as well as the final general update 12.10.11.2 remove 'Apple Application Support'. This is required for QuickTime. The preferred response is to uninstall QuickTime (CISA 2016).

CISA. 2016. Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced. Cisa.gov. April 14. Alert TA16-105A.

Why is security advice so useless? How are you supposed to access QuickTime movies? The security advice from How-To Geek isn't quite so useless. Chris Hoffman writes that QuickTime videos are actually just .mov and .qt files that you can almost always play with the free open source VLC media player (Hoffman 2016).

Hoffman, Chris. 2016. QuickTime for Windows is Dead, and You Should Uninstall It to Stay Secure. HowToGeek.com. Apr. 15.

But what if, against all advice, you want to keep QuickTime anyway? You might try this entirely at your own risk.

• Download the following and save the files.
  • Winrar from win-rar.com (e.g. winrar-x64-620.exe), unless you already have it (despite reference only to Windows 11 and 10, winrar 6.20 does run all the way back to Windows 7).
  • Bonjour Print Services (support.apple.com/kb/dl999) (BonjourPSSetup.exe) if you want zero configuration driverless printing available for printers on the same network leg or wifi.
  • QuickTime 7.7.9 (support.apple.com/kb/DL837) (e.g. QuickTimeInstaller.exe).
  • iTunes 12.10.11 (support.apple.com/downloads/itunes) (e.g. iTunes64setup.exe).
  • iTunes 12.10.8 (there's a link to apple's repository via techglobex.net/2015/02/download-apple-itunes-for-os-x-windows.html). You'll need to rename it to distinguish it from 12.10.11.
• Use Windows control panel to uninstall these bits so you have a relatively clean slate:
  • 'Apple Application Support' (unqualified or 32 bit).
  • 'Apple Application Support (64 bit)'.
  • 'Bonjour Print Services'.
  • 'Bonjour'.
  • 'iCloud'. Don't uninstall iCloud if you intend to use it. It's unclear if there is a reinstall path.
  • 'iTunes'.
  • 'QuickTime'. Don't uninstall QuickTime 6 if you want to keep using 'pro' features like save and export.
• Then reinstall in this order:
  • Install winrar, if you don't have it already.
  • Install Bonjour Print Services.
  • Install QuickTime 7.7.9. Again, don't install QuickTime 7 if you want to keep using QuickTime 6 pro features like save and export. Use custom: no optional features (no plug-in, picture viewer, or Java). Don't automatically update.
  • Install iTunes 12.10.11. Don't use as the default audio player; don't automatically update.
  • At the Windows globe search box, run WinRar. Open the iTunes 12.10.8 installer and then double click on 'Apple Application Support (32 bit)' to install just that bit, which is apparently the only one QuickTime needs.

You'll likely end up with these components in the Windows control panel:

• Apple Application Support (32 bit) v8.6
• Apple Mobile Device Support (32 bit) 14.5.0.7
• Apple Software Update 2.6.3.1. Consider removing this. The party line is that there will never be more updates, so it has no benefit. But it might have cost, because it likely contains yet more undiscovered or unpatched vulnerabilities.
• Bonjour 3.1.0.1
• Bonjour Print Services 2.0.2.0
• iTunes 12.10.11.2
• QuickTime 7.79.80.95

It's just possible that undoing the denial of service caused by overzealous computer security people is costing way more time and money than even the ransomware folks. But the above convoluted steps do restore the ability to play Quicktime movies and do allow using iTunes to play CDs.

Installing the last iTunes to plug a few ransomware holes and kill QuickTime is using a cannon to kill a mouse. What can they be thinking of? This document shows that you can reenable QuickTime, but does it reanimate the ransom-demanding mice? Who can say? There's next to no useful information about this online. I offer it in the hope that it might be slightly more useful than the US-CERT/CISA advice, which borders on telling you to unplug the keyboard and disconnect the router to protect your PC. Oh, and the computer security people now tell us that music is also the enemy of our computers (NIST 2022).

NIST. 2022. CVD-2022-38392 Detail. NIST.gov. Aug. 2022. The 'Rhythm Nation' music video can be used to effect a denial of service attack by crashing certain 5400 RPM hard drives used in various laptops and other PCs.

I AM NOT MAKING THIS UP. The computer security people are even more paranoid than I am, and that's saying something. They're completely out of control. Am I wrong? Feel free to send a comment.