A zero-day vulnerability found in Apple iTunes and iCloud was exploited by cybercriminals to infect Windows computers of an automotive company with the BitPaymer ransomware. The attack was reportedly not detected by antivirus solutions. According to Morphisec security researchers, the exploited vulnerability was found in the Bonjour component that iTunes and iCloud programs for Windows use to deliver software updates.
The unquoted service path vulnerability found in Bonjour, which occurs when a file path is left without quote marks, can allow cybercriminals to execute arbitrary code without tipping off antivirus solutions because it resides within a trusted program.
Because Bonjour is a signed program, cybercriminals took advantage of the unquoted service path vulnerability to run the BitPaymer ransomware that they named “Program.” Normally, the Bonjour component runs from the “Program Files” folder. BitPaymer also managed to evade cybersecurity detection because it did not have the .exe extension.
It should be noted that this vulnerability only affects users of iTunes and iCloud on the Windows platform, as iTunes no longer exists for Mac users with the emergence of macOS Catalina. This Windows vulnerability has been patched by Apple earlier this week.
Given their nature, zero-day attacks are inherently unpredictable and difficult to prepare for and defend against. This is especially true for organizations whose security measures are developed around known and already patched flaws. A proactive, defense-in-depth approach, however, can help mitigate them.
Here are some of the other countermeasures that organizations can adopt to defend against zero-day attacks:
The Trend Micro™ Apex One™ security solution’s virtual patching delivers the timeliest vulnerability protection across a variety of endpoints, including point-of-sale (PoS), internet of things (IoT) devices, and systems with end-of-support (EoS) operating systems.
The Trend Micro™ Deep Discovery™ solution provides detection, in-depth analysis, and proactive response to attacks using exploits and other similar threats through specialized engines, customized sandboxing, and seamless correlation across the entire attack lifecycle, allowing it to detect threats even without any engine or pattern update.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.