Mohammad Aljaidi, A. Alsarhan, G. Samara, Y. Al-Khassawneh, Y. Al-Gumaei, Hamzeh Aljawawdeh, Abdullah AlQammaz
Title: A Critical Evaluation of A Recent Cybersecurity Attack on iTunes Software Updater
Published in: 2022 International Engineering Conference on Electrical, Energy, and Artificial Intelligence (EICEEAI)
Publication date: 2022-11-06
DOI: 10.1109/EICEEAI56378.2022.10050464 (https://doi.org/10.1109/EICEEAI56378.2022.10050464)
Citation count: 0
Abstract
A rising number of businesses are embracing the Industry 4.0 paradigm by connecting their industrial systems and implementing a variety of cutting-edge technologies (such as cloud computing, smart devices, and data mining analytics), which in turn make operations more productive and efficient. However, this development has been accompanied by the emergence of different types of cybersecurity difficulties and attacks. In this paper, the recent iTunes software updater attack is critically assessed and analyzed. A security vulnerability discovered in the iTunes software updater has been exploited to run ransomware on the targeted environment. Attacks could have taken advantage of an unquoted file path in the system service assigned to handle iTunes software updates, so that instead of running the intended updater executable, the service would have executed ransomware on the target computer. The ransomware sat undetected because it did not contain a file extension and therefore was not scanned by antivirus software. Its malicious behavior was also not detected by antivirus software because the iTunes updater was signed and trusted, so antivirus products treated the ransomware as trusted as well. Potential victims who had previously installed iTunes on their device were also vulnerable, because the updater is left behind when iTunes is uninstalled. This created a larger number of potential victims that could have been exploited. While this exploit was not taken advantage of, it existed and still exists in other applications because of developer error and a lack of testing for this exploit.