Ransomware attackers have been abusing a vulnerability in the Windows version of Apple iTunes to avoid detection from antivirus software, according to security researchers. The problem deals with the Apple-created Bonjour updater that comes with iTunes for Windows, which is used to deliver software updates to the app. Security firm Morphisec has discovered it also suffers from an “unquoted path vulnerability,” which can cause the Bonjour updater to indiscriminately run a file, whether it be safe or malicious.
Source: UK PC Magzine