Ransomware Attacks due to vulnerability in iTunes for Windows

Security researchers have recently uncovered that ransomware attackers have been abusing a vulnerability in the Windows version of Apple iTunes in order to avoid detection by antivirus software.

iTunes for Windows comes with an updater called Bonjour, created by Apple, which delivers software updates to the app, and that is where the problem lies. The security firm Morphisec uncovered an “unquoted path vulnerability” in it, which, the firm explains, causes the Bonjour updater to run a file indiscriminately, whether it is safe or malicious.

According to the report written by Morphisec's CTO, Michael Gorelik, antivirus protection algorithms generally tend to ignore the Bonjour updater to prevent software conflicts on Windows PCs, as Bonjour is well known in the software industry.

Having discovered the vulnerability, the hackers operating the BitPaymer ransomware strain used it in their attacks. Because of the vulnerability, the antivirus software on the Windows system failed to detect the malicious file that the hackers delivered.

Gorelik also explained that since Bonjour was attempting to run from the ‘Program Files’ folder, the unquoted path caused it to run the BitPaymer ransomware instead, which was named ‘Program’.
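The audit below is an added example, not code from the Morphisec report or from Apple. It shows how Windows resolves an unquoted command line that contains spaces, which is why a file named ‘Program’ can be run in place of something under ‘Program Files’. The service names and paths are constructed, and the script assumes the real executable ends at the first ".exe".

```python
import re

# Assumption: the real executable ends at the first ".exe" followed by
# whitespace or end of string; anything after it is arguments.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def hijack_candidates(image_path):
    # Return the extra executables Windows would try, in order, before the
    # intended one when the command line is unquoted and contains spaces.
    cmd = image_path.strip()
    if cmd.startswith('"'):           # quoted path: no ambiguity
        return []
    match = _EXE_END.search(cmd)
    if not match:
        return []
    exe = cmd[:match.end()]
    candidates = []
    for i, ch in enumerate(exe):
        if ch != " ":
            continue
        prefix = exe[:i]
        leaf = prefix.rsplit("\\", 1)[-1]
        if not leaf or leaf.endswith(" "):
            continue                  # nothing usable before this space
        # Windows appends ".exe" when the token has no extension.
        candidates.append(prefix if "." in leaf else prefix + ".exe")
    return candidates

def audit(services):
    # Map service name -> candidate paths, for services that need fixing.
    return {name: c for name, path in services.items()
            if (c := hijack_candidates(path))}

# Constructed sample data (hypothetical service names and paths).
SAMPLE = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Updater\update.exe /svc",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Updater\update.exe" /svc',
    "ExampleNoSpace": r"C:\Windows\System32\example.exe -k",
}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE).items():
        print(f"{name}: unquoted path, Windows may run instead:")
        for p in paths:
            print("   ", p)
```

Any entry the audit flags is fixed by wrapping the executable path in double quotes in the service or updater configuration, and the listed candidate paths are the file names worth monitoring for on disk.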

The good news is that iTunes rolled out updates for iCloud for both Windows 7 and 10 in order to fix the unquoted path. However, for users who might be running unpatched versions, the threat still lingers.

In his report, Gorelik also shared their surprise at the investigation's outcome, which showed that a large number of computers across multiple enterprises have the Bonjour updater installed. Bonjour can be uninstalled through either the Control Panel or the Windows Settings menu.

Dr. James Robinson

Dr. James Robinson, MD, MS is an Associate Professor of Epidemiology and Medicine at the Icahn School of Medicine at Mount Sinai, a private graduate medical school in Manhattan, New York City, where he serves as a founding co-Director of the Center for Drug Safety and Effectiveness. He is a practising general internist and pharmacoepidemiologist and is internationally recognised for his research examining prescription drug utilisation. Dr. James Robinson is the author of over a hundred scientific articles and book chapters, is a frequent speaker on health care issues and has served on numerous editorial and advisory boards. Email Id: jamesrobinson@timestechpharma.com
