A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw.
The group of hackers responsible for BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability. The vulnerability is affecting a known component which comes bundled with Apple’s iTunes and iCloud for Windows to evade detection. The Bonjour updater is a component of Apple software which is used to download the future Apple updates. Bonjour is the malicious component that gets separately installed in a system.
Uninstalling iTunes and iCloud will not be helpful as Bonjour is an independent program. Researchers detected the exploitation of Bonjour in August for the first time when it targeted an automotive industry with the BitPaymer ransomware. The Bonjour component was found vulnerable to the unquoted service path vulnerability, a common software security flaw that occurs when the path of an executable contains spaces in the filename and is not enclosed in quote tags(“”).
The unquoted service path vulnerability can be exploited by planting a malicious executable file to the parent path. This leads the genuine application to run the malicious code and in this way it evades detection. The unquoted service path vulnerability can also be used to gain privileges and the vulnerable program can be run under higher privileges. Bonjour was used to allow the malwares to go undetected as the Bonjour component appears like an authentic process.
The security patches for this vulnerabilities are released and every Apple and Windows user should update their software to the latest version. Users must go through their installed application list and if Bonjour is found in it, they should uninstall it manually.
Use NPAV for better security against cyber attacks.