HomeWinBuzzer NewsA Zero-Day iTunes for Windows Exploit Let Hackers Secretly Install Ransomware

A Zero-Day iTunes for Windows Exploit Let Hackers Secretly Install Ransomware

An unquoted path vulnerability in the Bonjour service has let hacking groups silently install ransomware on Windows PCs. The issue has since been patched.


Researchers at Morphisec have uncovered a zero-day vulnerability in and iCloud that lets attackers install on Windows PCs. The infection method allowed malware to remain undetected by antivirus software.

The flaw resides in Apple's use of Bonjour, a program it initially created for Mac that handles hostname resolution and other networking tasks. The Apple software suite contains an unquoted path vulnerability, which Morphisec describes as such:

“Software developers are using more and more object-oriented programming, and many times when assigning a variable with a path, they assume that using the String type of the variable alone is enough – well it's not! The path still needs to be surrounded by quotes (‘\\').”

This opens an avenue for attackers to exploit. In this case, the unquoted path was “C://Program ‘Files'…”.  By naming the malware Program, attackers could run a malicious file via Apple's service. It's given credibility by the company's certificate and ignored by many AV products. Additionally, as the file in question is not an exe, it's less likely to be scanned.

Thankfully, Apple has since patched the vulnerability that the BitPaymer/IEncrypt group of malware can exploit. However, Morphisec is continuing to work with Apple on other vulnerabilities.

It also notes that the number of Windows PCs with the bonjour service installed is surprisingly high. When users uninstall iTunes, bonjour stays silently on the PC and isn't automatically updated.

As a result, users should uninstall bonjour or download the latest version of iTunes and iCloud from Apple's site. The vulnerabilities are particularly relevant as the company is sunsetting iTunes for Apple Music on other platforms, but keeping it on Windows. Questions have been raised about whether it will keep up the necessary security and feature support for the foreseeable future.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News