Apple's iTunes for Windows update closes off ransomware attack vector
October 14, 2019
Apple has patched a vulnerability in Bonjour, iTunes, and iCloud for Windows that gave ransomware an open door onto affected systems.
The flaw allowed malware to execute on Windows while appearing to be a trusted application. With a properly crafted payload, an attacker could piggyback on the digital signatures of iTunes and Bonjour and slip past malware protection, which tends to trust signed code.
Morphisec, the security research firm that found the flaw, says the BitPaymer ransomware was already using this attack vector to infect systems. Updating a Windows system to the new iTunes 12.10.1 closes the hole, but it won't decrypt files that have already been locked.
It isn't presently clear when the flaw was introduced. Apple has now updated iTunes and iCloud for Windows, closing off the attack vector.
Users who have removed iTunes and iCloud from a Windows install aren't necessarily out of the woods. Apple's network auto-discovery tool, Bonjour, has to be uninstalled separately from iTunes or iCloud for Windows, so it can remain behind and leave that avenue open. There is no direct patch for Bonjour; the only way to update it is to update iTunes or iCloud for Windows, or to remove it outright.
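The practical question for a Windows administrator is whether a host still has Bonjour installed after iTunes or iCloud was removed, and whether any remaining iTunes install is older than the fixed 12.10.1 release. The following PowerShell check is an added example and is not code from the article, Apple, or Morphisec. It assumes the Bonjour Windows service is registered as "Bonjour Service" and that the installers register under the standard Uninstall registry keys with display names starting with "Bonjour", "iTunes", or "iCloud"; those names are assumptions, not something the article states.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
# Reports leftover Apple components and flags iTunes installs older than 12.10.1,
# the fixed version named in the article.

$FixedITunesVersion = [version]'12.10.1'
$findings = @()

# 1. Look for the Bonjour service (assumed service name: "Bonjour Service").
$svc = Get-Service -Name 'Bonjour Service' -ErrorAction SilentlyContinue
if ($svc) {
    $wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='Bonjour Service'"
    $findings += [pscustomobject]@{
        Source  = 'Service'
        Name    = $svc.Name
        Version = ''
        Status  = $svc.Status
        Detail  = $wmi.PathName
        Action  = 'Bonjour still present; update iTunes/iCloud or uninstall Bonjour'
    }
}

# 2. Look for installed Apple packages in both the 64-bit and 32-bit registry views.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Bonjour|iTunes|iCloud)' } |
    ForEach-Object {
        $action = 'Installed'
        if ($_.DisplayName -like 'iTunes*') {
            $ver = $null
            if ([version]::TryParse($_.DisplayVersion, [ref]$ver) -and $ver -lt $FixedITunesVersion) {
                $action = "iTunes older than $FixedITunesVersion; update required"
            }
        }
        $findings += [pscustomobject]@{
            Source  = 'Registry'
            Name    = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = ''
            Detail  = $_.UninstallString
            Action  = $action
        }
    }

if ($findings.Count -eq 0) {
    Write-Output 'No Bonjour, iTunes or iCloud components found on this host.'
} else {
    $findings | Format-Table -AutoSize
}
```

The service check matters even when the registry shows nothing: a Bonjour install that was orphaned by a partial uninstall may still have its service entry. The Detail column shows the uninstall command or service binary path so the component can be removed or inspected directly.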
Apple's macOS is not and was never affected by the flaw. Morphisec waited for Apple to patch it before publishing, and is only now detailing the vulnerability.
BitPaymer is relatively recent. Since it was first spotted in the wild it has focused on hospitals, other organizations, universities, and governmental agencies. The ransom for the decryption key has been steep, with demands of up to 70 Bitcoin (about $570,000).