Apple Zero-day Flaw Used Against Automotive Industry
Hackers are leveraging an Apple zero-day vulnerability to install the BitPaymer ransomware at several companies in the automotive industry. The zero-day flaw affects the Apple Software Update service bundled with iTunes and iCloud for Windows. The service contains an unquoted path vulnerability that allows the attacker to launch the ransomware payload instead of the legitimate binary. As the trusted programme is digitally signed by Apple, the ransomware can bypass anti-malware solutions to execute its encryption routine. Devices on which Apple Software Update was previously installed are also affected, as the programme is not totally removed when uninstalled. Apple has patched the zero-day vulnerability with the release of iTunes 12.10.1 for Windows and iCloud for Windows 7.14/10.7 on 7 October.
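To audit for the unquoted-path condition described above, the following added example (not from the original article or from Apple) reports, for each service command line, the extra locations Windows would try before the intended binary. The service names and paths are constructed samples, and the function names are hypothetical.

```python
import re

# Executable part of a command line: shortest prefix ending in ".exe".
_EXE = re.compile(r"(.+?\.exe)(?:\s|$)", re.IGNORECASE)


def candidate_paths(image_path):
    """Return the earlier locations Windows would try for an unquoted path.

    With an unquoted command line, Windows splits at each space and tries
    the prefix with ".exe" appended before reaching the real binary.
    Quoted paths, paths without spaces, and entries without a .exe suffix
    (for example drivers) return an empty list.
    """
    cmd = image_path.strip()
    if cmd.startswith('"'):
        return []  # quoted: parsed unambiguously
    m = _EXE.match(cmd)
    if not m:
        return []
    exe = m.group(1)
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(services):
    """Map service name -> candidate locations, for flagged services only."""
    findings = {}
    for name, path in services.items():
        cands = candidate_paths(path)
        if cands:
            findings[name] = cands
    return findings


# Constructed sample data (not real registry output).
SAMPLE_SERVICES = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Update Service\updater.exe -run",
    "QuotedService": r'"C:\Program Files\Example Vendor\agent.exe" --svc',
    "NoSpaces": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for svc, cands in audit(SAMPLE_SERVICES).items():
        print(f"[!] {svc}: unquoted path; also resolves via:")
        for c in cands:
            print(f"      {c}")
```

On a real host the command lines come from the `ImagePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\<name>`. A flagged entry is fixed by quoting the path and confirming that no unexpected file exists at any listed location.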
References: Apple Zero-Day Exploited in New Bitpaymer Campaign