Avoid Ransomware By Updating iTunes      

October 23rd, 2019
Are you a Windows iTunes user? Then, you'll need to upgrade iTunes immediately to avoid ransomware.

The group behind the BitPaymer ransomware is controlling the software using a zero-day exploit in iTunes for Windows, which allows them to bypass antivirus detection schemes entirely.

Apple responded quickly and has already patched the zero-day out of existence in iTunes for Windows and iCloud for Windows. The bug itself resided in the Bonjour updater component that ships with both products. The hackers discovered that by abusing the "unquoted service path" vulnerability, they could launch Bonjour and then hijack the execution path, pointing it to the BitPaymer executable instead.

While the bug did not grant the hackers admin rights on the target machine, it allowed them to install the ransomware locally without detection, which is undoubtedly bad enough. Unfortunately, there's a complication. If you used iTunes or iCloud for Windows in the past and uninstalled the software, the Bonjour component almost certainly remained behind, rendering your system vulnerable to the attack even if you're not currently using either application.

In that case, your system administrator will need to search for and delete the Bonjour component manually. If you are using either application, then simply updating to the latest version will also update Bonjour, protecting your system against this ransomware attack.
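The following is an added example, not code from the original article or from Apple: a Python check an administrator could run over service command lines to spot the "unquoted service path" condition described above. The service names and paths are constructed for illustration; on a real system the values come from the ImagePath entries under HKLM\SYSTEM\CurrentControlSet\Services.

```python
import re

# End of the executable name inside an unquoted service command line.
_EXE_END = re.compile(r"\.exe\b", re.IGNORECASE)


def ambiguous_candidates(image_path):
    """Return the earlier file names Windows would try before the intended
    executable when the path is unquoted and contains spaces.
    An empty list means the path is not ambiguous."""
    path = image_path.strip()
    if path.startswith('"'):
        return []  # quoted path: the executable is unambiguous
    m = _EXE_END.search(path)
    exe = path[:m.end()] if m else path  # drop trailing arguments
    # Each space is a point where Windows may stop and treat the rest
    # of the string as arguments to "<prefix>.exe".
    return [exe[:s.start()] + ".exe" for s in re.finditer(r" +", exe)]


def audit(services):
    """Map each affected service name to the locations that should be
    checked for unexpected executables."""
    findings = {}
    for name, image_path in services.items():
        candidates = ambiguous_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


# Constructed sample data (hypothetical service names and paths).
SAMPLE_SERVICES = {
    "ExampleUpdater": r"C:\Program Files (x86)\Example Vendor\Updater Service\updater.exe --service",
    "QuotedAgent": r'"C:\Program Files\Example Vendor\agent.exe" -run',
    "SystemHost": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for service, paths in audit(SAMPLE_SERVICES).items():
        print(f"[!] {service}: unquoted path with spaces")
        for p in paths:
            print(f"    verify no file exists at: {p}")
```

A service flagged this way is remediated by updating or removing the component, as the article describes, or more generally by wrapping the executable path in double quotes.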

Interestingly, the BitPaymer ransomware used "Big Game Hunting" attacks that target large organizations and seek to infect as many machines as possible, demanding a huge ransom.

This particular attack, however, was designed to impact a single machine. That may mean BitPaymer's owners are shifting gears, but it's too soon to say that with any authority.

