There is a zero-day vulnerability affecting a component that comes inbuilt with Apple's software, iTunes and iCloud for Windows, which exploitation causes it to evade detection by antivirus.
While the vulnerability stems from Bonjour updater, the zero-configuration networking (zeroconf) implementation of communication protocol that works in the background to automate low-level network tasks, such as downloading future updates of Apple software.
The protocol is a set of technologies which automatically creates usable computer network based on the TCP/IP when PCs or other network peripherals are interconnected, without requiring special configuration servers or any manual operator intervention. Bonjour updater is installed as separate program on PCs, so simply uninstalling Apple iTunes and iCloud doesn't actually remove it, that is the more reason it remain installed on numerous Windows PCs still not updated, and silently running behind the scene.
The zero-day vulnerability exploitation of the Bonjour was disclosed by researchers from Morphisec Labs, made possible when an attacker targeted an unnamed organization in the automotive industry with the BitPaymer ransomware.
And the component was exploitable by the unquoted service path vulnerability, which is a common software flaw that occurs when an executable contains spaces in filename and so, it's not enclosed in the quote tags ("") as required. Therefore the unquoted service path vulnerability is exploitable by simply planting a malicious file to the parent path to trick legit applications into executing the malicious programs to evade detection.
Apple, however has released the fix in iCloud for Windows 7.14, iCloud for Windows 10.7, and iTunes 12.10.1 for Windows to patch the vulnerability. It is recommended that all Windows users with either iTunes or iCloud installed should update to the latest software to ensure their security.
No comments