Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks

apple Bonjour ransomware

Watch out Windows users!

The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple’s iTunes and iCloud software for Windows to evade antivirus detection.

The vulnerable component in question is the Bonjour updater, a zero-configuration implementation of network communication protocol that works silently in the background and automates various low-level network tasks, including automatically download the future updates for Apple software.

To be noted, since the Bonjour updater gets installed as a separate program on the system, uninstalling iTunes and iCloud doesn’t remove Bonjour, which is why it eventually left installed on many Windows computers — un-updated and silently running in the background.

Cybersecurity researchers from Morphisec Labs discovered the exploitation of the Bonjour zero-day vulnerability in August when the attackers targeted an unnamed enterprise in the automotive industry the BitPaymer ransomware.

Unquoted Service Path Vulnerability in Apple’s Bonjour Service

The Bonjour component was found vulnerable to the unquoted…

http://feedproxy.google.com/~r/TheHackersNews/~3/2Q0–5dhWs0/apple-bonjour-ransomware.html

Leave a Reply