Apple iTunes Bug Exploited To Deliver Ransomware

The Hackers have been exploiting the “unquoted path” flaw in the Bonjour updater in iTunes for Windows to deliver BitPaymer/iEncrypt ransomware.

The Researchers from Morphinsec Labs have identified this flaw with Bonjour updater back in August the team from Morphisec immediately disclosed the vulnerability to Apple. Apple has recently patched the flaw for Windows. Windows desktops will still need to rely on iTunes for the foreseeable future even though Apple is dropping iTunes in their own ecosystem.

The type vulnerability allowed a combination of BitPaymer/iEncrypt ransomware to be exploited. The attack exploits an unquoted path vulnerability in Bonjour, which is a software that organizations may not even know is running on their systems, the firm said in a Thursday posting.

This vulnerability makes it easy for attackers to evade common detection  because most of the Antivirus programs now a days are based on behavior monitoring, and the Bonjour component appears like a legitimate process, researchers said. What makes it even harder to detect is that the malicious program file doesn’t come with an extension such as “.exe,” antivirus (AV) products probably won’t even scan the file to limit machine performance they scan only specific file extensions, researchers said.

These attackers are getting dangerous for security administrators because they are exhibiting an innovative spirit to find ways to avoid detection to spread ransomware.


Discover more from Patrick Domingues

Subscribe to get the latest posts sent to your email.

author avatar
Patrick Domingues

Leave a Comment

Stay Informed

Receive instant notifications when new content is released.