iTunes for Windows hack

Flaw in iTunes for Windows allows hackers to evade detection from antivirus software and indiscriminately run a file – Find out how!

Hackers behind the BitPaymer ransomware strain used a vulnerability in the Bonjour updater of iTunes for Windows to evade detection from antivirus software, according to a security firm.

Ransomware attackers have been abusing a vulnerability in the Windows version of Apple iTunes to avoid detection from antivirus software, according to security researchers.

The problem lies in the Apple-created Bonjour updater that comes with iTunes for Windows, which is used to deliver software updates to the app. Security firm Morphisec has discovered that it suffers from an “unquoted path vulnerability,” which can cause the Bonjour updater to indiscriminately run a file, whether it be safe or malicious.

The hackers behind the BitPaymer ransomware strain discovered the vulnerability and used it in their attacks. Specifically, they delivered a malicious file to exploit the flaw as a way to evade detection from antivirus software onboard a Windows system.

The Bonjour updater is well known in the software industry, and as a result, antivirus protection algorithms will generally ignore it to prevent software conflicts on Windows PCs, Morphisec CTO Michael Gorelik wrote in a Thursday report.

“In this scenario, Bonjour was trying to run from the ‘Program Files’ folder, but because of the unquoted path, it instead ran the BitPaymer ransomware since it was named ‘Program,’” he added.
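To audit a machine for the same class of flaw, the added example below (not code from Morphisec, Apple or the original article) takes command lines as they would appear in a service or scheduled-task entry and lists the earlier paths Windows tries when the executable path is unquoted and contains spaces. The sample command lines, vendor names and the `shadow_candidates` and `audit` helpers are constructed for illustration.

```python
import os
import re

# Constructed sample command lines; the vendor names and paths are hypothetical.
SAMPLES = [
    r'C:\Program Files (x86)\Example Vendor\Updater\updater.exe /auto',
    r'"C:\Program Files\Example Vendor\agent.exe" --service',
    r'C:\Windows\System32\svchost.exe -k netsvcs',
]

# Shortest prefix ending in ".exe": the executable the author meant to start.
EXE_RE = re.compile(r'^(.*?\.exe)(?=\s|$)', re.IGNORECASE)


def shadow_candidates(command_line):
    """Paths Windows tries before the intended executable (empty if safe).

    With an unquoted command line, CreateProcess treats each space as a
    possible end of the program name and appends ".exe" to each prefix.
    """
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return []                      # quoted: resolved exactly as written
    match = EXE_RE.match(cmd)
    if not match:
        return []                      # no .exe found; out of scope here
    parts = match.group(1).split(' ')
    return [' '.join(parts[:i]) + '.exe' for i in range(1, len(parts))]


def audit(command_lines, exists=os.path.exists):
    """Map each risky command line to its candidates and any that exist."""
    findings = {}
    for cmd in command_lines:
        candidates = shadow_candidates(cmd)
        if candidates:
            findings[cmd] = {
                'candidates': candidates,
                'present': [c for c in candidates if exists(c)],
            }
    return findings


if __name__ == '__main__':
    for cmd, info in audit(SAMPLES).items():
        print('UNQUOTED:', cmd)
        for path in info['candidates']:
            flag = 'EXISTS' if path in info['present'] else 'absent'
            print('   ', flag, path)
```

Any candidate reported as existing deserves investigation, and every flagged command line should be corrected by quoting the full executable path.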

According to Morphisec, the BitPaymer ransomware attackers have been targeting companies by first delivering phishing emails that secretly contain malware. The attackers will then conduct reconnaissance over the target’s corporate network before unleashing ransomware on the victim’s computers. Other attacks have involved first guessing the passwords to remote desktop computers at a victim organization to gain a foothold.

Fortunately, Apple earlier this week fixed the unquoted path vulnerability in iTunes by rolling out updates for iCloud to both Windows 7 and Windows 10. However, Morphisec is warning that many users may be running unpatched versions of the Bonjour updater on their PCs, despite having removed iTunes.

source: By Michael Kan /