Apple iTunes Bug Actively Exploited in BitPaymer/iEncrypt Campaign

silversurfer

Bad actors are actively targeting a vulnerability in the Windows version of Apple iTunes to deliver BitPaymer/iEncrypt ransomware. It’s a new attack pattern that is difficult to detect, security researchers revealed Thursday.

Researchers from Morphisec Labs in August identified the abuse of the flaw, which exists in the Bonjour updater that comes packaged with iTunes for Windows, to deliver ransomware in an attack on an unidentified enterprise in the automotive industry.

Morphisec immediately disclosed the attack to Apple, which has recently patched the flaw in an iCloud for Windows update. While Apple will be sunsetting iTunes on Macs after the release of macOS Catalina earlier this week, Apple device users with Windows desktops will still need to rely on iTunes for the foreseeable future.
 

[correlate]

iTunes Zero-Day Exploited to Deliver BitPaymer

The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
Ransomware operators have been seen exploiting a zero-day vulnerability in iTunes for Windows to slip past security tools and infect victims with BitPaymer, researchers report.
Back in August, the Morphisec team noticed attackers targeting the network of an enterprise in the automotive industry. The researchers shared their discovery with Apple, and a patch is now available. Businesses and consumers should take note: Apple will sunset iTunes for Mac with the release of macOS Catalina this week, but Windows users will continue to rely on iTunes.
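An added example (not part of the original posts or of Morphisec's write-up): a Python check for the "unquoted path" class of flaw mentioned above. It flags autostart command lines whose image path contains spaces but is not quoted, and lists the earlier locations Windows may try first, so a defender can confirm nothing is sitting there. The entry names and paths are constructed sample data, and `shadow_locations` and `audit` are hypothetical helper names.

```python
import os

EXECUTABLE_EXTS = (".exe", ".com", ".bat", ".cmd")

def shadow_locations(command_line):
    """Paths Windows may try before the intended image of an unquoted command line."""
    cmd = command_line.strip()
    if not cmd or cmd.startswith('"'):
        return []  # a quoted image path resolves unambiguously
    tokens = cmd.split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(EXECUTABLE_EXTS):
            return candidates  # reached the intended image
        if "\\" in prefix:
            # Each space-delimited prefix is tried with ".exe" appended.
            candidates.append(prefix + ".exe")
    return []  # no recognisable image path; out of scope for this check

def audit(entries, exists=os.path.exists):
    """Map entry name -> [(shadow path, present on disk)] for unquoted entries."""
    findings = {}
    for name, command_line in entries.items():
        shadows = shadow_locations(command_line)
        if shadows:
            findings[name] = [(path, exists(path)) for path in shadows]
    return findings

# Constructed sample data: service or scheduled-task command lines as exported
# from an endpoint inventory. Names and paths are illustrative only.
SAMPLE_ENTRIES = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Updater\update.exe -check",
    "QuotedUpdater": r'"C:\Program Files\Example Vendor\Updater\update.exe" -check',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, shadows in audit(SAMPLE_ENTRIES).items():
        print(f"{name}: image path is unquoted and contains spaces")
        for path, present in shadows:
            print(f"  {'PRESENT' if present else 'absent '}  {path}")
```

A `PRESENT` result on a real host means a file exists at a location that would run in place of the intended program and should be triaged; the durable fix is quoting the image path in the entry itself.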

 
