Attackers use iTunes zero-day to install BitPaymer ransomware on Windows
According to reports, Apple has patched an iTunes for Windows zero-day that allowed attackers to evade antimalware detection and install BitPaymer ransomware on Windows devices. Security researchers at Morphisec discovered an attack in which the bug was used to install BitPaymer on a target machine; the attackers breached the targeted company without triggering antimalware alerts. Morphisec shared the details with Apple within the disclosure period and held publication until the official patch was available. The details of the iTunes zero-day follow.
iTunes zero-day vulnerability lets attackers bypass detection by security software
The researchers found the zero-day in the Windows version of the iTunes app; it allowed the attackers to infect the target machine by installing BitPaymer ransomware. The malware sample was identified on the computers of an automotive corporation in August 2019. The Morphisec team contacted Apple immediately with the details, and the vulnerability was patched earlier this week.
Developers forgot the quotation marks: the bug is a missing pair of quotes
According to the researchers, an unquoted path vulnerability allowed the attackers to escalate privileges. Such flaws are not especially common, but the class has been known for more than 15 years and has turned up in popular software such as ExpressVPN and Forcepoint VPN, among many other applications. In the iTunes case, the developers omitted the quotation marks that should surround the file path of the Bonjour component, which delivers Apple updates to the iTunes software package: one of the paths used in the code of the Windows version was missing its quotes. Why that matters: when Windows is asked to execute an unquoted path that contains spaces, it tries each space-delimited prefix as the program name before the full path, so an attacker who can place a file at one of those shorter paths gets it run in place of the intended binary, with the privileges of the process that launched it.
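To make the missing-quotes bug concrete, here is an added example (not Apple's or Morphisec's code) that applies the documented CreateProcess resolution rule to an unquoted path and then audits a table of service image paths for the same shape. The Bonjour path, the "Acme" service and the whole service table are assumed, constructed sample data, not real registry contents; the page does not state which path in the Bonjour code was unquoted.

```python
"""Added example (not Apple's or Morphisec's code): how Windows resolves an
unquoted program path, and an audit for the registry-visible form of the
bug class.  The Bonjour path used below is an assumed illustrative path;
the service table at the bottom is constructed sample data."""

import re


def unquoted_path_candidates(command_line):
    """Return the executables CreateProcess tries, in order, when the
    program path in command_line is not wrapped in double quotes.

    Documented rule: the string is split at each space, and for every
    prefix without an extension '.exe' is appended.  A quoted path yields
    exactly one candidate, which is why the quotes matter."""
    if command_line.startswith('"'):
        return [command_line[1:command_line.index('"', 1)]]
    words = command_line.split(" ")
    candidates = []
    for n in range(1, len(words) + 1):
        prefix = " ".join(words[:n])
        # No extension on the last path element -> Windows appends .exe
        if not re.search(r"\.[A-Za-z0-9]+$", prefix):
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def hijack_directories(command_line):
    """Directories where a planted file is picked up before the intended
    binary: the parent directory of every candidate except the last."""
    parents = {c.rsplit("\\", 1)[0] + "\\"
               for c in unquoted_path_candidates(command_line)[:-1]}
    return sorted(parents)


def is_unquoted_with_spaces(image_path):
    """Flag an ImagePath whose executable part contains a space and is not
    quoted.  Only the text up to '.exe' counts, so arguments after the
    binary (e.g. svchost.exe -k ...) do not cause a false positive."""
    if image_path.startswith('"'):
        return False
    m = re.search(r"\.exe", image_path, re.IGNORECASE)
    exe_part = image_path[: m.end()] if m else image_path
    return " " in exe_part


def audit_services(services):
    """Names of services whose ImagePath has the unquoted-path shape."""
    return sorted(name for name, path in services.items()
                  if is_unquoted_with_spaces(path))


# Constructed sample of service name -> ImagePath (not a real registry dump).
SAMPLE_SERVICES = {
    "Bonjour Service": r"C:\Program Files\Bonjour\mDNSResponder.exe",        # assumed path
    "AcmeUpdater": r"C:\Program Files\Acme Corp\Update Service\updater.exe",  # hypothetical
    "QuotedSvc": r'"C:\Program Files\Vendor\agent.exe" --service',
    "Dnscache": r"C:\Windows\system32\svchost.exe -k NetworkService",
}


if __name__ == "__main__":
    for name in audit_services(SAMPLE_SERVICES):
        path = SAMPLE_SERVICES[name]
        print(name)
        for c in unquoted_path_candidates(path):
            print("   tries:", c)
        print("   writable-dir targets:", hijack_directories(path))
```

On a real host the same check can be fed the PathName values returned by `Get-CimInstance Win32_Service`. Two caveats: the candidate list is the part that explains the page's warning about files named "Apple" or "Apple Software", since every space-delimited prefix of an unquoted path is a name Windows will try first; and an unquoted path that lives inside a component's own code, as the page describes for Bonjour, is not visible to a service-registry audit at all, so that variant is only caught by monitoring which file actually gets launched.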
Researchers explain: attackers execute malicious code on the target machine through the iTunes zero-day
The bug lies within a process that is digitally signed and therefore trusted by the operating system, so attackers can introduce their own code through it without AV engines reacting. That is what makes this zero-day dangerous. The researchers explained it as follows:
“As many detection solutions are based on behavior monitoring, the chain of process execution (parent-child) plays a major role in alert fidelity. If a legitimate process signed by a known vendor executes a new malicious child process, an associated alert will have a lower confidence score than it would if the parent was not signed by a known vendor. Since Bonjour is signed and known, the adversary uses this to their advantage.”
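The confidence logic in the quotation above, as an added example that is not Morphisec's code, run over constructed process-creation events modelled loosely on Sysmon Event ID 1 fields (Image, CommandLine, parent image, signature status). The Bonjour parent path and all three events are assumed samples, not real telemetry. The example reproduces the scoring discount for a signed parent and then adds the signal that restores confidence in the unquoted-path case: a child whose Image is a space-delimited prefix of an unquoted CommandLine was started by a path that Windows cut at a space.

```python
"""Added example (not Morphisec's code): alert scoring over constructed
process-creation events.  A signed parent lowers confidence, as the quote
describes; a second signal restores it when the child looks like the
product of an unquoted-path hijack.  All events are constructed samples."""


def unquoted_hijack_shape(event):
    """True when Image is a space-delimited prefix of an unquoted CommandLine.

    CommandLine keeps the string the parent passed to CreateProcess, while
    Image is the file Windows actually ran; if Windows stopped at a space,
    the two disagree in exactly this way."""
    cmd, image = event["command_line"], event["image"]
    if cmd.startswith('"'):
        return False
    stem = image[:-4] if image.lower().endswith(".exe") else image
    if not cmd.lower().startswith(stem.lower()):
        return False
    rest = cmd[len(stem):]
    # The leftover must read like the tail of a path, not like ordinary arguments.
    return rest.startswith(" ") and "\\" in rest


def score(event):
    """Return (confidence 0-100, reasons) for a process-creation event."""
    s, reasons = 0, []
    if not event["signed"]:
        s += 50
        reasons.append("unsigned child")
    if event["parent_signed"]:
        s -= 20
        reasons.append("signed parent lowers confidence")
    else:
        s += 20
        reasons.append("unsigned parent")
    if unquoted_hijack_shape(event):
        s += 60
        reasons.append("Image is a space-delimited prefix of unquoted CommandLine")
    return max(0, min(100, s)), reasons


def triage(events, threshold=60):
    """IDs of events at or above the alert threshold."""
    return [e["id"] for e in events if score(e)[0] >= threshold]


# Constructed sample events, not real telemetry.
EVENTS = [
    {   # benign: the service control manager starts a signed service normally
        "id": "evt-1",
        "parent_image": r"C:\Windows\System32\services.exe", "parent_signed": True,
        "image": r"C:\Program Files\Bonjour\mDNSResponder.exe", "signed": True,   # assumed path
        "command_line": r'"C:\Program Files\Bonjour\mDNSResponder.exe"',
    },
    {   # hijack shape: signed parent, unsigned child whose Image is the
        # prefix Windows stopped at while resolving an unquoted path
        "id": "evt-2",
        "parent_image": r"C:\Program Files\Bonjour\mDNSResponder.exe", "parent_signed": True,
        "image": r"C:\Program.exe", "signed": False,
        "command_line": r"C:\Program Files\Bonjour\mDNSResponder.exe",
    },
    {   # unsigned parent launching an unsigned child from a temp directory
        "id": "evt-3",
        "parent_image": r"C:\Users\alice\Downloads\setup.exe", "parent_signed": False,
        "image": r"C:\Users\alice\AppData\Local\Temp\x.exe", "signed": False,
        "command_line": r"C:\Users\alice\AppData\Local\Temp\x.exe",
    },
]


if __name__ == "__main__":
    for e in EVENTS:
        conf, why = score(e)
        print(e["id"], conf, "; ".join(why))
    print("alerts:", triage(EVENTS))
```

Without the last signal, evt-2 scores 30 and sits below the noisy evt-3 at 70, which is the lower-confidence outcome the quotation warns about; with it, evt-2 scores 90. The Image/CommandLine mismatch is a hunting heuristic rather than proof: a program genuinely launched without its extension and given a path as its first argument produces the same shape, so such hits should be confirmed by checking whether the file at Image is where the intended binary's path would have been cut.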
Researchers' advice: uninstall the Bonjour component if you no longer use iTunes for Windows
The unquoted path vulnerability let the attackers run BitPaymer ransomware on Windows in place of the Bonjour component. The researchers add that, because of the bug, a malicious file named "Apple" or "Apple Software" could be launched the same way, with serious consequences for the machine.
Bonjour is a separate component and has to be uninstalled separately from iTunes. If you no longer use iTunes for Windows, uninstall the Bonjour component as well. The iTunes zero-day is now fixed in the latest Apple updates, so if you use iTunes on Windows, apply the update immediately.
We are following the matter "Attackers use iTunes zero-day to install BitPaymer ransomware on Windows" closely and will definitely post an update if there is further news. For suggestions or questions, please use the comment box below.