Attackers exploit an iTunes zeroday to install ransomware

The iTunes logo has been photoshopped onto a pistol target that has been shot multiple times.

Enlarge (credit: Aurich Lawson / Getty Images)

Attackers exploited a zeroday vulnerability in Apple’s iTunes and iCloud programs to infect Windows computers with ransomware without triggering antivirus protections, researchers from Morphisec reported on Thursday. Apple patched the vulnerability earlier this week.

The vulnerability resided in the Bonjour component that both iTunes and iCloud for Windows relies on, according to a blog post. The bug is known as an unquoted service path, which as its name suggests, happens when a developer forgets to surround a file path with quotation marks. When the bug is in a trusted program—such as one digitally signed by a well-known developer like Apple—attackers can exploit the flaw to make the program execute code that AV protection might otherwise flag as suspicious.

Morphisec CTO Michael Gorelik explained it this way:

Read 8 remaining paragraphs | Comments

Source link

قالب وردپرس

Related posts

Samsung Galaxy S7 active SM-G891 (AT&T Unlocked) MUST READ DESCRIPTION!


OnePlus 6T 128GB Black A6013 (T-Mobile) Android Smartphone GD626


You Can Now Play the Original Diablo in Your Browser

50 % Coupon CodeRedeem now