silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
Bad actors are actively targeting a vulnerability in the Windows version of Apple iTunes to deliver BitPaymer/iEncrypt ransomware. It’s a new attack pattern that is difficult to detect, security researchers revealed Thursday.
Researchers from Morphisec Labs in August identified the abuse of the flaw, which exists in the Bonjour updater that comes packaged with iTunes for Windows, to deliver ransomware in an attack on an unidentified enterprise in the automotive industry.
Morphisec immediately disclosed the attack to Apple, which has recently patched the flaw in an iCloud for Windows update. While Apple will be sunsetting iTunes on Macs after the release of macOS Catalina earlier this week, Apple device users with Windows desktops will still need to rely on iTunes for the foreseeable future.
Apple iTunes Bug Actively Exploited in BitPaymer/iEncrypt Campaign
Attackers exploit an “unquoted path” flaw in the Bonjour updater in iTunes for Windows to deliver ransomware attacks.
threatpost.com