Update now! Windows users targeted by iTunes Software Updater zero-day

From nakedsecurity.sophos.com

One of the flaws that Apple patched in last week’s update to the iTunes app for Windows was a zero-day used to spread the BitPaymer ransomware, security company Morphisec Labs has revealed.

This alarming-sounding flaw is mentioned only briefly at the end of Apple’s release notes for iTunes version 12.10.1, which describe it as related to Apple’s Software Updater, which is also used by iCloud for Windows.

According to a new blog post by Morphisec, it was a zero-day vulnerability used by BitPaymer to target “yet another enterprise in the automotive industry.”

