Transport

Apple Zero-day Flaw Used Against Automotive Industry

8 - 15 October 2019

Hackers are leveraging an Apple zero-day vulnerability to install the BitPaymer ransomware at several companies from the automotive industry.
Cyber_News_Transport

Hackers are leveraging an Apple zero-day vulnerability to install the BitPaymer ransomware at several companies from the automotive industry. The zero-day flaw affects the Apple Software Update service bundled with iTunes and iCloud for Windows. The service contains an unquoted path vulnerability that allows the attacker to launch the ransomware payload instead of the legitimate binary. As the trusted programme is digitally signed by Apple, the ransomware can bypass anti-malware solutions to execute its encryption routine. Devices previously installed with Apple Software Update are also affected as the programme is not totally removed when uninstalled. Apple has patched the zero-day vulnerability with the release of iTunes 12.10.1 for Windows and iCloud for Windows 7.14/10.7 on 7 October.

References:

Apple Zero-Day Exploited in New Bitpaymer Campaign

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence