Wednesday 16 October 2019

Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks

A vulnerability in a component that comes bundled with Apple's iTunes has been used by the cybercriminal group behind BitPaymer and iEncrypt to carry out ransomware attacks.

The vulnerable component is the Bonjour updater, a component of iTunes that works silently in the background and automates various low-level network tasks, including downloading new updates for Apple software.
Uninstalling iCloud does not solve the problem, since Bonjour is installed as a separate program on the system.
The Bonjour component was found vulnerable to the unquoted service path vulnerability, a common software security flaw that occurs when the path of an executable contains spaces and is not enclosed in quotation marks ("").

The unquoted service path vulnerability can be exploited by planting a malicious executable file in the parent path, tricking legitimate and trusted applications into executing malicious programs to maintain persistence and evade detection.
Apple released iCloud for Windows 10.7, iCloud for Windows 7.14, and iTunes 12.10.1 for Windows to address the vulnerability, and users are strongly advised to update their software to the latest versions.
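
The following audit sketch is an added example, not code from the original article or from Apple. It flags service command lines that are unquoted and contain spaces, lists the ambiguous locations Windows would try first (so they can be checked for unexpected files), and prints the quoted form. The service names and paths are constructed; on a real host the values come from each service's ImagePath under HKLM\SYSTEM\CurrentControlSet\Services.

```python
import re

# End of the executable portion of an unquoted command line (heuristic).
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def split_image(image_path):
    """Split a service ImagePath into (image, arguments, was_quoted)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:              # unbalanced quote: treat the rest as the image
            return s[1:], "", True
        return s[1:end], s[end + 1:].strip(), True
    m = _EXE_END.search(s)
    if m is None:                  # no known extension: whole string is the image
        return s, "", False
    return s[:m.end()], s[m.end():].strip(), False

def candidate_paths(image):
    """Paths tried before the intended one: each space-delimited prefix + .exe."""
    return [image[:i] + ".exe" for i, ch in enumerate(image) if ch == " "]

def audit(services):
    """Map each affected service name to the paths to check and the quoted fix."""
    findings = {}
    for name, image_path in services.items():
        image, args, quoted = split_image(image_path)
        if quoted or " " not in image:
            continue               # quoted, or no space to misparse
        fixed = f'"{image}" {args}'.strip()
        findings[name] = {"check": candidate_paths(image), "fixed": fixed}
    return findings

# Constructed sample data (hypothetical vendor and service names).
SAMPLE_SERVICES = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Update Agent\agent.exe -service",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Update Agent\agent.exe" -service',
    "ExampleNoSpace": r"C:\Windows\System32\example.exe -k group",
}

if __name__ == "__main__":
    for name, info in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted service path")
        for path in info["check"]:
            print(f"  verify nothing unexpected exists at: {path}")
        print(f"  quoted form: {info['fixed']}")
```
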

Source: Panda Security