Skip to main content

Windows Version of iTunes Needs Updated To Avoid Ransomware        

By October 23, 2019May 20th, 2021Cybersecurity

Are you a Windows iTunes user?

If so, you should upgrade iTunes immediately or run the risk of being infected with the BitPaymer ransomware strain.

The group controlling the software has been spotted using a zero-day exploit in iTunes for Windows, which allows them to bypass antivirus detection schemes entirely.

The good news is that Apple responded quickly to the flaw’s discovery and has already patched the zero-day out of existence in both iTunes for Windows and iCloud for Windows. The bug itself resided in the Bonjour updater component that ships with both products. The hackers discovered that by abusing the “unquoted service path” vulnerability, they could launch Bonjour then hijack the execution path, pointing it to the BitPaymer executable instead.

While the bug did not grant the hackers admin rights on the target machine, it allowed them to install the ransomware locally without detection, which is certainly bad enough on its own. Unfortunately, there’s a complication you should be aware of.  If you used iTunes or iCloud for Windows in the past and uninstalled the software, the Bonjour component almost certainly remained behind, rendering your system vulnerable to the attack even if you’re not currently using either application.

Your system administrator will need to manually search for and delete the Bonjour component.  If you are using either, then simply updating to the latest version will also update Bonjour, rendering your system protected.

It’s interesting that BitPaymer is being used in this way because typically, that particular strain of ransomware is used in “Big Game Hunting” attacks that target large organizations and seek to infect as many machines as possible, demanding a huge ransom.

This particular attack is designed to impact a single machine, so it could be a sign that BitPaymer’s owners are shifting gears, but it’s too soon to say that with any authority.

Jason Manteiga

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.

Leave a Reply