Attackers exploit an unquoted path flaw in the Bonjour updater in iTunes for Windows to deliver ransomware attacks. Apple will be sunsetting iTunes on Macs after the release of macOS Catalina earlier this week. Researchers from Morphisec Labs in August identified the abuse of the flaw. Apple has recently patched the flaw in an iCloud for Windows update. Researchers immediately disclosed the attack to Apple, which has recently issued an iCloud update to iTunes users with Windows desktops.
Source: https://threatpost.com/apple-itunes-bug-bitpaymer-iencrypt/149075/