Tue. Nov 19th, 2019

Hackers are exploiting an iCloud and iTunes for Windows vulnerability to spread ransomware


Recently, Morphisec Labs researchers revealed that a hacker group is exploiting a zero-day vulnerability in the Bonjour component, which is likely to affect users who have installed the iTunes and iCloud apps for Windows. Bonjour is a piece of software that many users will find on their computers.


Bonjour is the trade name of the service discovery protocol introduced by Apple after the development of Mac OS X 10.2. The Bonjour Updater is a component bundled with the iTunes and iCloud downloads. Most notably, because the Bonjour Updater is installed on the system as a separate program, it is not removed when iTunes and iCloud are uninstalled. That is why Bonjour remains on many Windows computers, and why the Bonjour updater may be present on your computer or mobile phone.

The Morphisec Labs researchers found an unquoted service path vulnerability in the Bonjour updater. This vulnerability occurs when the path to a service executable contains spaces and is not enclosed in double quotes ("). Hackers can exploit this vulnerability by embedding malicious executables in a file path, tricking legitimate applications into executing malicious programs and evading security detection.
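To check a machine for this class of flaw, the following added example (not code from Morphisec or Apple) flags service `ImagePath` values that are unquoted and contain spaces, and lists the earlier paths Windows would try before the intended binary. The service names and paths are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample data: service name -> ImagePath as stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Names and paths are invented.
SAMPLE_SERVICES = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Updater Service\updater.exe -s",
    "QuotedAgent": r'"C:\Program Files\Example Vendor\Agent\agent.exe" --run',
    "SvcHostStyle": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

_EXE_END = re.compile(r"\.(exe|com|bat|cmd)\b", re.IGNORECASE)

def executable_part(image_path):
    """Strip arguments: keep everything up to the first executable extension."""
    path = image_path.strip()
    m = _EXE_END.search(path)
    return path[:m.end()] if m else path

def is_unquoted_with_spaces(image_path):
    """True when the executable path has a space and no opening double quote."""
    path = image_path.strip()
    return bool(path) and not path.startswith('"') and " " in executable_part(path)

def earlier_candidates(image_path):
    """Paths Windows tries before the intended binary: the string cut at each
    space, with .exe appended. None of these should exist on a clean system."""
    exe = executable_part(image_path)
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def audit(services):
    """Return {service name: [candidate paths]} for every vulnerable entry."""
    return {name: earlier_candidates(path)
            for name, path in services.items()
            if is_unquoted_with_spaces(path)}

if __name__ == "__main__":
    for name, candidates in audit(SAMPLE_SERVICES).items():
        print(f"[!] {name}: unquoted ImagePath; fix by quoting it. Verify absent:")
        for c in candidates:
            print(f"      {c}")
```

The remediation for a flagged entry is to wrap the executable path in double quotes in the service's `ImagePath` value.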

After discovering the attack, Morphisec Labs researchers immediately shared its details with Apple executives. Apple recently released iCloud for Windows 10.7, iCloud for Windows 7.14 and iTunes 12.10.1 for Windows to resolve the vulnerability.

Via: ArsTechnica