Attackers exploit an iTunes zeroday to install ransomware

by Dan Goodin from Ars Technica - All content on (#4S9ZJ)

Attackers exploited a zeroday vulnerability in Apple's iTunes and iCloud programs to infect Windows computers with ransomware without triggering antivirus protections, researchers from Morphisec reported on Thursday. Apple patched the vulnerability earlier this week.

The vulnerability resided in the Bonjour component that both iTunes and iCloud for Windows rely on, according to a blog post. The bug is known as an unquoted service path, which, as its name suggests, happens when a developer forgets to surround a file path with quotation marks. When the bug is in a trusted program (such as one digitally signed by a well-known developer like Apple), attackers can exploit the flaw to make the program execute code that AV protection might otherwise flag as suspicious.
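To make the bug class concrete for auditing, the following added example (not code from the article or from Morphisec) flags service `ImagePath` values that are unquoted and contain a space, and lists the locations Windows would try before the intended binary. The service names and paths are constructed samples, and the extension-based split of path from arguments is a simplifying assumption.

```python
import re

# Constructed sample ImagePath values (not from the article). On a real host
# they are read from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
SAMPLE_SERVICES = {
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\svc.exe" -k run',
    "ExampleUnquoted": r'C:\Program Files\Example Vendor\Example Service\svc.exe -k run',
    "ExampleNoSpaces": r'C:\Windows\System32\svchost.exe -k netsvcs',
}

# Assumption: the executable ends at the first .exe/.com/.bat/.cmd that is
# followed by whitespace or end of string; everything after it is arguments.
_EXE_END = re.compile(r'\.(exe|com|bat|cmd)(?=\s|$)', re.IGNORECASE)


def executable_part(image_path):
    """Return the path portion of an ImagePath, without its arguments."""
    match = _EXE_END.search(image_path)
    return image_path[:match.end()] if match else image_path


def is_unquoted_with_space(image_path):
    """True when the path is not quoted and its executable part has a space."""
    path = image_path.strip()
    if path.startswith('"'):
        return False
    return ' ' in executable_part(path)


def probe_order(image_path):
    """Paths Windows tries, in order, for an unquoted command line: the text
    before each space with .exe appended, then the intended binary itself."""
    exe = executable_part(image_path.strip())
    candidates = [exe[:i] + '.exe' for i, ch in enumerate(exe) if ch == ' ']
    candidates.append(exe)
    return candidates


def audit(services):
    """Map each affected service to the unintended locations to review for
    unexpected files or write access by non-administrators."""
    return {name: probe_order(path)[:-1]
            for name, path in services.items()
            if is_unquoted_with_space(path)}


if __name__ == "__main__":
    for name, locations in audit(SAMPLE_SERVICES).items():
        print(name, "->", locations)
```

The remediation for any flagged entry is to wrap the executable path in the `ImagePath` value in quotation marks.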

Morphisec CTO Michael Gorelik explained it this way:
