"BitPaymer Ransomware Attackers Exploit Apple Flaw to Bypass Detection"

A zero-day flaw in iTunes for Windows and iCloud for Windows has been patched by Apple. The actual bug was contained by Bonjour, a component that comes with iTunes for Windows machines used to deliver updates and help services discover each other. According to researchers at Morphisec, the bug is an unquoted service path, which occurs when a file path to an executable service is not surrounded by quotation marks. The bug has been exploited by attackers to circumvent users' security defenses such as antivirus software and run BitPaymer ransomware, also known as IEncrypt. This article continues to discuss the zero-day flaw that was contained by the Bonjour updater in relation to what type of vulnerability it was, its exploitation by attackers to execute ransomware, and how it was addressed by Apple, in addition to the effectiveness of the exploit. 

SC Media reports "BitPaymer Ransomware Attackers Exploit Apple Flaw to Bypass Detection"

 

Submitted by Anonymous on