Ransomware gang uses iTunes zero-day

The operators of the BitPaymer ransomware have been spotted using a zero-day in iTunes for Windows as a mechanism to bypass antivirus detection on infected hosts.


The attacks and the zero-day were found by cyber-security firm Morphisec on the network of an enterprise in the automotive industry that got hit by BitPaymer in August.


Apple patched the zero-day this week, in both iTunes for Windows and iCloud for Windows [1, 2]. The actual bug resided in the Bonjour updater component that ships with both products.


The BitPaymer gang discovered a so-called "Unquoted Service Path" vulnerability in the binary of the Bonjour updater.


This type of vulnerability allowed crooks to launch the Bonjour component and then hijack its execution path and point it to the BitPaymer ransomware instead.
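To make the "Unquoted Service Path" class concrete from the defender's side, the following Python script is an added example (not code from the article, Morphisec, or Apple). It audits a set of Windows service image paths, flags those that are unquoted and contain a space, and lists the prefix locations the Service Control Manager would try before reaching the intended binary, which is exactly the set of paths an administrator needs to quote or lock down. The service names and paths in `SAMPLE_SERVICES` are constructed illustrations; on a real host they would come from the `PathName` field of `Win32_Service` or the `ImagePath` registry value of each service.

```python
import re

# Constructed sample of Windows service image paths, as they would appear in
# the PathName field of Win32_Service. Illustrative values only, not data
# taken from the article.
SAMPLE_SERVICES = {
    "Bonjour Service": r"C:\Program Files\Bonjour\mDNSResponder.exe",
    "QuotedSvc": r'"C:\Program Files\Vendor App\svc.exe" -k netsvcs',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k LocalService",
    "UnquotedWithArgs": r"C:\Program Files (x86)\Some Vendor\Tool\agent.exe /service",
}


def _executable_part(image_path: str) -> str:
    """Return the executable portion of a service image path, without arguments."""
    path = image_path.strip()
    if path.startswith('"'):
        # Quoted path: the executable is everything up to the closing quote.
        return path[1:].split('"', 1)[0]
    # Unquoted path: assume the executable ends at the first ".exe" token.
    match = re.match(r"(.*?\.exe)(?:\s|$)", path, re.IGNORECASE)
    return match.group(1) if match else path


def is_unquoted_service_path(image_path: str) -> bool:
    """True when the executable portion is unquoted and contains a space.

    That is the CWE-428 condition: the Service Control Manager cannot tell
    where the executable ends, so it probes each space-delimited prefix.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return False
    return " " in _executable_part(path)


def search_candidates(image_path: str) -> list:
    """Paths that CreateProcess tries, in order, for an unquoted image path.

    Each prefix ending at a space is tried first; when the prefix has no
    extension, Windows appends ".exe". The intended binary comes last, so
    every earlier entry is a location whose write permissions should be
    reviewed and whose parent directory should not be writable by users.
    """
    tokens = _executable_part(image_path).split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        basename = prefix.rsplit("\\", 1)[-1]
        if i < len(tokens) and "." not in basename:
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def audit(services: dict) -> dict:
    """Map each flagged service name to the list of paths the SCM would probe."""
    findings = {}
    for name, image_path in services.items():
        if is_unquoted_service_path(image_path):
            findings[name] = search_candidates(image_path)
    return findings


if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(f"[!] {name}: unquoted service path")
        for p in paths:
            print(f"      would probe: {p}")
```

The remediation for a flagged service is to wrap the executable path in double quotes in its `ImagePath` value (leaving arguments outside the quotes) and to confirm that no intermediate directory such as `C:\Program Files` is writable by standard users; with both in place, the probe list above collapses to the intended binary.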


The zero-day didn't allow the BitPaymer ransomware to get admin rights, but it did fool locally installed antivirus software.


After discovering evidence of the zero-day, Morphisec reported the issue to Apple, and the OS maker patched it this month, according to a report the company shared exclusively with ZDNet this week.


But Michael Gorelik, CTO at Morphisec, says things aren't as simple as updating the two Apple apps. Users who used these two apps in the past are also vulnerable.


That's because the Bonjour component ..