  • BitPaymer ransomware spotted abusing iTunes for Windows bug to bypass antivirus

      • #1978634
        b
        AskWoody MVP

        The operators of the BitPaymer ransomware have been spotted using a zero-day in iTunes for Windows as a mechanism to bypass antivirus detection on infected hosts.

        Apple patched the zero-day this week, in both iTunes for Windows and iCloud for Windows. The actual bug resided in the Bonjour updater component that ships with both products.

        Users who used these two apps in the past are also vulnerable.

        That’s because the Bonjour component remains installed on Windows systems even after users uninstall iTunes or iCloud for Windows.

        Sysadmins must scan workstations for the Bonjour component and remove it by hand, or install the latest iTunes for Windows version to make sure the older Bonjour component has been updated.

        Ransomware gang uses iTunes zero-day (at ZDNet)

        (I’ve always thought Bonjour was bad news, and have removed it anywhere I’ve seen it.)

        Windows 10 Pro version 21H1 build 19043.985 + Microsoft 365 (group ASAP)

        4 users thanked author for this post.
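
The workstation scan mentioned in the post above, as an added example that is not part of the original thread or the linked article: a PowerShell inventory that lists Bonjour, iTunes and iCloud entries from the uninstall registry keys and flags hosts where Bonjour is left behind without either parent app. The display-name patterns and the `Bonjour Service` service name are assumptions about how these components register themselves; the function names are hypothetical.

```powershell
# Added example: find Bonjour left behind after iTunes/iCloud were uninstalled.
# Assumption: the components register under the standard uninstall keys with
# display names starting with "Bonjour", "iTunes" or "iCloud".

function Get-AppleComponent {
    param([object[]]$Entries)   # objects carrying DisplayName / DisplayVersion
    $Entries |
        Where-Object { $_.DisplayName -match '^(Bonjour|iTunes|iCloud)\b' } |
        Select-Object DisplayName, DisplayVersion
}

function Test-OrphanedBonjour {
    param([object[]]$Components)
    $names = @($Components | ForEach-Object { $_.DisplayName })
    $hasBonjour = [bool]($names -match '^Bonjour')
    $hasParent  = [bool]($names -match '^(iTunes|iCloud)')
    # Orphaned: Bonjour is installed but neither parent product is.
    return ($hasBonjour -and -not $hasParent)
}

# Both 64-bit and 32-bit views of the machine-wide uninstall list.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

$installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue
$found     = @(Get-AppleComponent -Entries $installed)

# Assumption: the service is registered as "Bonjour Service".
$service = Get-Service -Name 'Bonjour Service' -ErrorAction SilentlyContinue

# One record per host, suitable for Export-Csv or collection via remoting.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Components      = ($found | ForEach-Object {
                           "$($_.DisplayName) $($_.DisplayVersion)" }) -join '; '
    BonjourService  = if ($service) { $service.Status } else { 'absent' }
    OrphanedBonjour = Test-OrphanedBonjour -Components $found
}
```

Packages installed from the Microsoft Store do not appear under these registry keys, so a host with a Store-installed parent app can still be reported as orphaned.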
      • #1979103
        anonymous
        Guest

        ? says:
        see:
        https://en.wikipedia.org/wiki/History_of_iTunes#iTunes_12  (scroll to the bottom for 12)
        and:
        https://support.apple.com/en-il/HT210635  (for specifics of security patches)

        thank you underscore b…

        1 user thanked author for this post.