Tech giant Apple recently patched a critical security flaw in iTunes for Windows, ThreatPost reported. This zero-day vulnerability allows attackers to bypass “any” antivirus app and install ransomware on target systems.
ThreatPost explained that malicious parties exploited an “unquoted path” in the Bonjour updater used by iTunes for Windows. This security issue allows attackers to execute BitPaymer/iEncrypt, a new ransomware that is “difficult to detect.” The Bonjour updater comes packaged with the iTunes software.
According to the digital security company Morphisec Labs, hackers utilized Bonjour, which “has its own installation entry in the installed software section and a scheduled task.” This issue is aggravated by the fact that the ransomware is not an executable file (.exe). Antivirus tools were not able to catch the malicious program as they mainly focus on .exe files.
Moreover, Bonjour is executed from the Program Files folder. ThreatPost clarified that “because of the unquoted path, it instead ran the BitPaymer ransomware.”
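An unquoted path containing spaces is ambiguous because Windows tries each space-delimited prefix as the program name, shortest first, before the intended full path. The following is an added example, not code from the article or from Morphisec, of how a defender could audit command lines (in practice taken from service image paths and scheduled task actions) for this condition; the entry names and paths are hypothetical, and the list of executable extensions is an assumption.

```python
import os
import re

# Assumption: the program named in a command line ends in one of these extensions.
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def split_program(cmdline):
    """Return (program, rest) for an unquoted command line, else None."""
    cmd = cmdline.strip()
    m = _EXE_END.search(cmd)
    if not cmd or cmd.startswith('"') or m is None:
        return None  # quoted, empty, or program not identifiable
    return cmd[:m.end()], cmd[m.end():]

def hijack_candidates(cmdline):
    """Prefixes of the unquoted program path, cut at each space, shortest first."""
    parts = split_program(cmdline)
    if parts is None:
        return []
    exe, out = parts[0], []
    for i, ch in enumerate(exe):
        prefix = exe[:i].rstrip()
        if ch == " " and prefix not in out:
            out.append(prefix)
    return out

def audit(entries, exists=os.path.exists):
    """Report (name, command line) pairs whose program path is ambiguous."""
    findings = []
    for name, cmdline in entries:
        cands = hijack_candidates(cmdline)
        if not cands:
            continue
        exe, rest = split_program(cmdline)
        findings.append({
            "name": name,
            "candidates": cands,
            # A file already present at a candidate location needs investigation.
            "present": [c for c in cands if exists(c) or exists(c + ".exe")],
            "quoted": '"%s"%s' % (exe, rest),  # corrected, quoted form
        })
    return findings

# Constructed sample entries (hypothetical names and paths, not from the article).
SAMPLE = [
    ("ExampleUpdater", r"C:\Program Files (x86)\Example Vendor\Updater\update.exe /check"),
    ("QuotedTask", r'"C:\Program Files\Example Vendor\agent.exe" -run'),
    ("NoSpaces", r"C:\Windows\System32\svchost.exe -k netsvcs"),
]
```

Only the first sample entry is reported; the `present` field lists any candidate location where a file already exists, and `quoted` shows the corrected command line.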
Morphisec researchers first detected the exploit at an unnamed car company. Upon discovering the flaw, the firm notified Apple straightaway, which allowed the company to address the issue accordingly.
In July, Morphisec discovered that at least 15 companies in the US fell victim to the BitPaymer and iEncrypt campaign. There seems to be no pattern in the hackers’ attacks, as the affected organizations belong to both the public and private sectors. They are also from a wide range of industries such as agriculture, finance, and technology.
This campaign serves as a warning for security administrators as it shows that hackers persist in finding new ways to launch their attacks. Their “innovative spirit” also helps them find ways to attack their victims.
However, Apple fixed the issue only through an update to iCloud for Windows, not to iTunes for Windows. This could be because the company will be retiring its music streaming service for Mac devices.
Meanwhile, TechRadar said that risks related to the vulnerability will remain even after uninstalling the software in question, because Apple Software Update is not removed by uninstalling iTunes. Instead, the updater must be uninstalled manually.
TechRadar reminds users to ensure that they are using the latest version of iTunes (12.10.1) and iCloud (7.14).
Ars Technica reported that Morphisec also detected several vulnerabilities, which it reported to Apple. As of this writing, Apple has yet to fix these issues.