Zero-Day Vulnerability in iTunes Being Exploited in the Wild via BitPaymer Ransomware

in antivirus •  5 years ago 


Researchers have discovered a zero-day vulnerability in iTunes that is under active exploitation. They found that the hackers behind the BitPaymer ransomware exploited the bug to bypass antivirus programs.

iTunes Zero-Day Vulnerability Under Attack


Researchers from Morphisec discovered a security flaw affecting iTunes. They found this iTunes zero-day under active exploitation by hackers too.

As elaborated in a blog post, an unquoted path vulnerability existed in the Bonjour updater of iTunes for Windows. Despite being a well-documented class of bug, this unquoted path escaped the attention of Apple's developers and shipped in iTunes.

Bonjour, as explained by the researchers, comes packaged with iTunes and serves as the updater. While it is installed on users’ devices whenever someone installs iTunes, it stays there even after uninstalling iTunes.

Bonjour, the mechanism Apple uses to deliver future updates, contains one of these unquoted paths. Bonjour has its own installation entry in the installed software section and a scheduled task that launches the process.

The bug, which resided in this component, puts a large number of devices at risk. The attackers abused Bonjour to hijack its execution path and redirected it to the BitPaymer ransomware. Although this did not give them admin privileges on the device, it let them evade antivirus detection because Bonjour is a legitimate, signed process.

If a legitimate process signed by a known vendor executes a new malicious child process, the associated alert will have a lower confidence score than it would if the parent were not signed by a known vendor.
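To make the bug class concrete, here is an added audit helper (example code, not Morphisec's or Apple's) that takes scheduled-task command lines, lists the program names Windows would try before reaching the real executable when the path is unquoted and contains spaces, and produces the quoted, hardened form. The task names and paths below are constructed sample input.

```python
# Added example: audit command lines for the unquoted-path bug class.
# Task names and paths are constructed; this is not Bonjour's real task definition.

def probe_sequence(command: str):
    """Return (candidates, executable, args) for one command line.

    For an unquoted path containing spaces, CreateProcess tries each
    space-delimited prefix (with .exe appended) as the program name before
    it reaches the real executable. Every earlier prefix is a location that
    must not be writable by unprivileged users, or the task can be hijacked.
    """
    command = command.strip()
    if command.startswith('"'):
        # Properly quoted: the executable is unambiguous, nothing to probe.
        end = command.index('"', 1)
        return [], command[1:end], command[end + 1:].strip()
    tokens = command.split(" ")
    prefixes = [" ".join(tokens[:i]) for i in range(1, len(tokens) + 1)]
    for n, prefix in enumerate(prefixes):
        if prefix.lower().endswith(".exe"):
            args = " ".join(tokens[n + 1:])
            return [p + ".exe" for p in prefixes[:n]], prefix, args
    return [], command, ""  # no .exe token found; treat the whole line as the program


def audit(tasks: dict) -> dict:
    """Map each task whose command line is exploitable to the paths tried first."""
    findings = {}
    for name, command in tasks.items():
        candidates, _exe, _args = probe_sequence(command)
        if candidates:
            findings[name] = candidates
    return findings


def quote_command(command: str) -> str:
    """Hardened form: wrap the executable path in quotes and keep the arguments."""
    _candidates, exe, args = probe_sequence(command)
    return f'"{exe}" {args}'.strip()


# Constructed sample: one unquoted path with spaces, one quoted, one without spaces.
SAMPLE_TASKS = {
    "Bonjour-updater-example": r"C:\Program Files\Bonjour\mDNSResponder.exe -run",
    "quoted-ok": r'"C:\Program Files\Bonjour\mDNSResponder.exe" -run',
    "no-spaces-ok": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for task, candidates in audit(SAMPLE_TASKS).items():
        print(task, "-> Windows would try first:", candidates)
        print("   fix:", quote_command(SAMPLE_TASKS[task]))
```

Only the unquoted entry is reported; on a real host the same logic can be fed the command lines from `schtasks /query /v` or the service ImagePath values.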

Apple Released Patches

Alongside the bug discussed above, the researchers also found other, similar vulnerabilities in the iTunes software and its installer. The same Bonjour bug also affected iCloud for Windows, which bundles Bonjour as well.

Upon discovering the vulnerabilities, the researchers reported them to Apple. Following their report, Apple patched the flaws with the release of iTunes 12.10.1 for Windows and iCloud for Windows 7.14.

Let us know your thoughts in the comments.


Posted from my blog with SteemPress : https://latesthackingnews.com/2019/10/12/bitpaymer-ransomware-exploited-itunes-zero-day-vulnerability/
