Apple To Patch A Malware In iTunes For Windows

Apple has just come up with a patch for ab iTunes’s zero-day bug in Windows, which let hackers install the ransomware called BitPayment without being detected.

This flaw was uncovered by Morphisec, a cybersecurity firm, amidst Apple axing iTunes and offering TV, Music, and Podcasts app in its place for macOS Catalina. iTunes will still work on Windows.

The patch for the flaw was released on the 7^th of October in iCloud for Windows 7.14 and iTunes 12.10.1 for Windows.

As stated by Morphisec, bad actors exploited iTunes’s packed-along Bonjour helper utility and its path vulnerabilities to infect computers of a company in the motor vehicle business with ransomware.

Since Bonjour remains after iTunes was uninstalled, it is advisable that users must remove the software manually or install the most updated version of iTunes to fix the vulnerability.

You may have guessed from the name what the flaw can do. It appears when the path leading to a service’s location is not listed in quotations, Windows has to look in all of the folders until the system finds the file.

For example, if the location of a program is c:\program files\sub folder a\sub folder b\program.exe, hackers can string in code to run a harmful program by exploiting the absence of quotes: c:\program files\sub folder a\malicious program.exe.

That is not all, hackers can have elevated privileges if it is the admin or SYSTEM users are running the service, paving the way to infect any kind of malware, and in this particular case, the BitPayment ransomware.

According to Michael Gorelik, the CTO of Morphisec, the malware does not have the ‘.exe’ extension and was named only ‘Program.’ This is why it could avoid the protection of antivirus programs and also exposure.

BitPayment is a kind of malware that encrypts apps, data, and program files.