Flaw in iTunes for Windows allows hackers evade detection from antivirus software, indiscriminately run a file – Find out how!

Hackers behind the BitPaymer ransomware strain used a vulnerability in the Bonjour updater of iTunes for Windows to evade detection from antivirus software, according to a security firm.

Ransomware attackers have been abusing a vulnerability in the Windows version of Apple iTunes to avoid detection from antivirus software, according to security researchers.

The problem deals with the Apple-created Bonjour updater that comes with iTunes for Windows, which is used to deliver software updates to the app. Security firm Morphisec has discovered it also suffers from an “unquoted path vulnerability,” which can cause the Bonjour updater to indiscriminately run a file, whether it be safe or malicious.

The hackers behind the BitPaymer ransomware strain discovered the vulnerability and used it in their attacks. Specifically, they delivered a malicious file to exploit the flaw as a way to evade detection from antivirus software onboard a Windows system.

The Bonjour updater is well known in the software industry, and as a result, antivirus protection algorithms will generally ignore it to prevent software conflicts on Windows PCs, Morphisec CTO Michael Gorelik wrote in a Thursday report.

“In this scenario, Bonjour was trying to run from the ‘Program Files’ folder, but because of the unquoted path, it instead ran the BitPaymer ransomware since it was named ‘Program,'” he added.

• TikTok removed nearly 90 million videos globally in the second half of 2020February 25, 2021
• Mastercard, MTN partner To enable payments on global platforms with Mobile MoneyFebruary 25, 2021
• Using lessons learnt in 2020 to combat the security threats in 2021February 25, 2021
• Cybercrime and the pandemic – Read Now!February 25, 2021
• Here is why enterprise security isn’t just an IT problemFebruary 25, 2021

According to Morphisec, the BitPaymer ransomware attackers have been targeting companies by first delivering phishing emails that secretly contain malware. The attackers will then conduct reconnaissance over the target’s corporate network before unleashing a ransomware on the victim’s computers. Other attacks have involved first guessing the passwords to remote desktop computers at a victim organization to gain a foothold.

Fortunately, Apple earlier this week fixed the unquoted path vulnerability in iTunes by rolling out updates for iCloud to both Windows 7 and Windows 10. However, Morphisec is warning that many users may be running unpatched versions of the Bonjour updater on their PCs, despite having removed iTunes.

source:  By  Michael Kan / pcmag.com

About Post Author

Daniel Kwaku Ntiamoah Addai

Experienced Information Technology Assistant with a demonstrated history of working in the utilities industry. Skilled in Microsoft Word, Computer Science, IT Service Management, IT Strategy, and Website Administration. Strong information technology professional with a CEHv10 focused in Certified Ethical Hacking from EC Council.

See author's posts