Morphisec has identified the abuse of an Apple zero-day vulnerability in the Apple Software Update utility that comes packaged with iTunes for Windows. The vulnerability is rarely seen in the wild, yet it is a well-known bug that has previously been identified by other vendors for more than 15 years. Apple is sunsetting iTunes for Macs with the release of Macs this week, while Windows users will still need to rely on iTunes for the foreseeable future. The attackers abused an unquoted path vulnerability to maintain persistence and evade detection.”]
Source: https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign