CyberNews Briefs

Flaw in iTunes for Windows Abused for Ransomware Attacks

Security researchers with Morphisec are warning that the BitPaymer ransomware actors have been exploiting a security flaw in the Bonjour updater for the Windows version of Apple iTunes in order to avoid detection by anti-malware solutions on targeted systems.

Bonjour contains an “unquoted path vulnerability” that can let threat actors get the app to run malicious files. Simply put, if a path name containing a space does not have quotes around it, Windows will run only the first word in the path, before the space. Morphisec CTO Michael Gorelik explained that “in this scenario, Bonjour was trying to run from the ‘Program Files’ folder, but because of the unquoted path, it instead ran the BitPaymer ransomware since it was named ‘Program.’” Apple has released a fix for the issue. However, users who have removed iTunes from their system without also deleting Bonjour will still have a vulnerable instance on their system, probably without realizing it.
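For defenders auditing their own systems, the following added example (not from the article or from Morphisec) flags command lines that begin with an unquoted path containing spaces and lists the extra locations Windows would try first, following the documented `CreateProcess` search order. The sample command lines, the `Example Vendor` path and the function names are constructed for illustration.

```python
import os
import re

# Constructed sample command lines, e.g. as exported from service ImagePath
# values or scheduled-task actions. Not taken from the article.
SAMPLES = [
    r'C:\Program Files\Example Vendor\Updater\update.exe -check',
    r'"C:\Program Files\Example Vendor\Updater\update.exe" -check',
    r'C:\Windows\System32\svchost.exe -k netsvcs',
]

def candidate_paths(cmdline):
    """Return the executables Windows may try *before* the intended one
    when cmdline starts with an unquoted path that contains spaces."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return []  # quoted path: no ambiguity
    # Intended executable: shortest prefix ending in ".exe" followed by
    # whitespace or end of string.
    match = re.match(r'(?i)^(.*?\.exe)(?=\s|$)', cmdline)
    if not match:
        return []
    exe = match.group(1)
    candidates = []
    for i, ch in enumerate(exe):
        # Each space is a point where Windows may stop and append ".exe".
        if ch == ' ' and not exe[:i].endswith((' ', '\\')):
            candidates.append(exe[:i] + '.exe')
    return candidates

def audit(cmdlines, exists=os.path.exists):
    """Report unquoted command lines and any candidate file already on disk.
    A file at a candidate location (such as C:\\Program.exe) needs review."""
    findings = []
    for cmdline in cmdlines:
        candidates = candidate_paths(cmdline)
        if candidates:
            findings.append({
                'cmdline': cmdline,
                'candidates': candidates,
                'present': [p for p in candidates if exists(p)],
            })
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLES):
        print(finding)
```

The remediation for a flagged entry is to wrap the executable path in quotes in the service or task configuration; any file reported under `present` should be investigated.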


OODA Analyst
