The operators of the BitPaymer ransomware have been spotted using a zero-day in iTunes for Windows as a mechanism to bypass antivirus detection on infected hosts.
…
Apple patched the zero-day this week, in both iTunes for Windows and iCloud for Windows. The actual bug resided in the Bonjour updater component that ships with both products.
…
Users who used these two apps in the past are also vulnerable. That’s because the Bonjour component remains installed on Windows systems even after users uninstall iTunes or iCloud for Windows.
Sysadmins must scan workstations for the Bonjour component and remove it by hand, or install the latest iTunes for Windows version to make sure the older Bonjour component has been updated.
Ransomware gang uses iTunes zero-day (at ZDNet)
(I’ve always thought Bonjour was bad news, and have removed it anywhere I’ve seen it.)
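One way to run the workstation scan described in the quoted article, as an added example that is not from ZDNet or from this post: it inventories Bonjour installs and services and flags hosts where Bonjour is present but iTunes and iCloud are not. Matching on the display names "Bonjour", "iTunes" and "iCloud" is an assumption about how the products register themselves.

```powershell
# Added example: find Bonjour left behind after iTunes/iCloud were uninstalled.
# Assumption: products are identified by display name; adjust patterns as needed.
$bonjourPattern = '*Bonjour*'
$parentPattern  = '^(iTunes|iCloud)'

# Standard per-machine uninstall hives (64-bit and 32-bit registry views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$entries = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName })

# Bonjour packages still registered on the host.
$bonjour = @($entries |
    Where-Object { $_.DisplayName -like $bonjourPattern } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString)

# Parent applications that would update Bonjour when patched.
$parents = @($entries |
    Where-Object { $_.DisplayName -match $parentPattern } |
    Select-Object DisplayName, DisplayVersion)

# Services whose name or display name mentions Bonjour, with the binary path
# so the file on disk can be checked or removed.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like $bonjourPattern -or $_.DisplayName -like $bonjourPattern } |
    Select-Object Name, DisplayName, State, StartMode, PathName)

# One record per host; Orphaned = Bonjour present with no iTunes/iCloud to update it.
[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    BonjourInstalls = $bonjour
    BonjourServices = $services
    ParentApps      = $parents
    Orphaned        = (($bonjour.Count + $services.Count) -gt 0) -and ($parents.Count -eq 0)
}
```

Hosts reporting `Orphaned = True` are the ones the article says need manual removal; the others need the current iTunes or iCloud for Windows installed.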