Windows ransomware was installed undetected using zero-day iTunes exploit

Apple has since patched the vulnerability

What you need to know

  • A zero-day vulnerability in iTunes and iCloud for Windows allowed ransomware to be installed on Windows PCs undetected.
  • An unquoted service path let attackers run a malicious executable under the cover of a signed Apple component, without triggering antivirus software.
  • The vulnerability was being actively exploited to run the BitPaymer ransomware.

A report from the cybersecurity company Morphisec, covered by Ars Technica, has revealed how a zero-day vulnerability in iTunes and iCloud for Windows allowed attackers to infect Windows computers with ransomware without triggering antivirus software.

According to the report:

The vulnerability resided in the Bonjour component that both iTunes and iCloud for Windows rely on, according to a blog post. The bug is known as an unquoted service path, which as its name suggests, happens when a developer forgets to surround a file path with quotation marks. When the bug is in a trusted program—such as one digitally signed by a well-known developer like Apple—attackers can exploit the flaw to make the program execute code that AV protection might otherwise flag as suspicious.

In August, Morphisec found attackers were exploiting the vulnerability to install ransomware called BitPaymer on the computers of an unidentified company in the automotive industry. The exploit allowed the attackers to execute a malicious file called “Program,” which presumably was already on the target’s network.
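To make the unquoted service path concrete, here is an added example that is not code from the article, from Morphisec, or from Apple. It models how Windows resolves an unquoted command line containing spaces (each space-delimited prefix is probed in turn, with .exe appended when the prefix has no extension, which is why a file at `C:\Program` or `C:\Program.exe` can shadow anything under `C:\Program Files\...`), lists the paths an attacker could plant, flags the vulnerable entries in a set of service definitions, and shows the quoted form that fixes them. The `ImagePath` values are constructed samples; the Bonjour path in particular is an illustrative guess, not the value Apple ships.

```python
"""Unquoted service path: what Windows probes and how to audit for it.

Added example; not code from the article, Morphisec, or Apple. All
ImagePath values below are constructed samples (the Bonjour one is a
guess for illustration, not Apple's real value).
"""
import ntpath
import re

# Constructed sample values, as they would appear under
# HKLM\SYSTEM\CurrentControlSet\Services\<svc>\ImagePath (hypothetical).
SAMPLE_SERVICES = {
    "Bonjour Service": r"C:\Program Files\Bonjour\mDNSResponder.exe",
    "Apple Mobile Device Service":
        r'"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"',
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "AcmeUpdater": r"C:\Program Files (x86)\Acme\Update Service\updater.exe /svc",
}

# First '.exe' (case-insensitive) marks where an auditor reads the executable as ending.
_EXE_RE = re.compile(r"^(.*?\.exe)(\s.*)?$", re.IGNORECASE)


def split_image_path(image_path):
    """Return (executable, arguments) from a raw ImagePath value.

    A quoted path ends at the closing quote. For an unquoted one we take the
    first '.exe' as the end of the executable; Windows itself has to guess,
    which is exactly the bug.
    """
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in ImagePath")
        return value[1:end], value[end + 1:].strip()
    m = _EXE_RE.match(value)
    if not m:
        raise ValueError("cannot locate executable in ImagePath")
    return m.group(1), (m.group(2) or "").strip()


def is_unquoted_with_spaces(image_path):
    """The condition auditors look for: unquoted, and a space in the executable path."""
    value = image_path.strip()
    if value.startswith('"'):
        return False
    try:
        exe, _ = split_image_path(value)
    except ValueError:
        return False  # e.g. driver .sys paths; out of scope here
    return " " in exe


def hijack_candidates(image_path):
    """Paths Windows would try *before* reaching the intended binary.

    CreateProcess walks an unquoted command line one space at a time,
    appending .exe when the prefix has no extension. Both the bare prefix and
    the .exe form are listed: the article notes the planted file was simply
    called "Program", so the bare name is worth auditing for as well.
    """
    if not is_unquoted_with_spaces(image_path):
        return []
    exe, _ = split_image_path(image_path)
    candidates = []
    for i, ch in enumerate(exe):
        if ch != " ":
            continue
        prefix = exe[:i]
        candidates.append(prefix)
        if not ntpath.splitext(prefix)[1]:
            candidates.append(prefix + ".exe")
    return candidates


def quote_image_path(image_path):
    """The fix: quote the executable portion and leave any arguments outside."""
    exe, args = split_image_path(image_path)
    return f'"{exe}"' + (f" {args}" if args else "")


def audit(services):
    """Map service name -> hijack candidates for every vulnerable entry."""
    return {name: hijack_candidates(path)
            for name, path in services.items()
            if is_unquoted_with_spaces(path)}


if __name__ == "__main__":
    for name, cands in audit(SAMPLE_SERVICES).items():
        print(f"[!] {name}: {SAMPLE_SERVICES[name]}")
        for c in cands:
            print(f"      would try: {c}")
        print(f"      fix:       {quote_image_path(SAMPLE_SERVICES[name])}")
```

Running the script lists `C:\Program` and `C:\Program.exe` for the Bonjour sample and six candidates for the updater with arguments. Whether any of these is actually exploitable depends on who can write to those locations; that is the caveat to pair with this check, and it is consistent with the article's remark that the file called "Program" was presumably already on the target's network rather than dropped by an unprivileged user.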

Via: Windows Central
