Zero-day vulnerability in Apple iTunes and iCloud for Windows patched


 

Hi guys,

 

A zero-day vulnerability in iTunes and iCloud for Windows, which has been exploited in ransomware attacks, has been patched in the Patch Tuesday October 2019 updates.

 

The vulnerability exists in the Bonjour installer that gets installed on Windows machines along with the iTunes and iCloud for Windows apps.

 

This vulnerability in the Bonjour installer is an 'unquoted service path' vulnerability, and can be exploited by planting a malicious executable file in the parent path. Further, this exploit's chain of process execution goes undetected by antivirus solutions because Bonjour has a legitimate process signed by a known vendor.

 

So patch this vulnerability right away using Patch Manager Plus by searching and applying the following patch IDs.

 

iTunes 12.10.1 for Windows:

PatchID : 311174

Bulletin ID : TU-012

Patch Description : Apple iTunes (12.10.1.4)

 

PatchID : 311175

Bulletin ID : TU-012

Patch Description : Apple iTunes (X64) (12.10.1.4)

 

iCloud for Windows 7.14:

PatchID : 311176

Bulletin ID : TU-132

Patch Description : iCloud (7.14.0.29)


Note: Uninstalling iTunes and iCloud for Windows will not remove the Bonjour installer, as it gets installed as a separate program on the system. So for users who previously used iTunes and iCloud for Windows, the Bonjour installer is probably still running silently in the background and is vulnerable to exploitation. Make sure to manually uninstall the Bonjour installer program from your endpoints.

 

Patch, update and stay secure.

 

Cheers 

ManageEngine Team.
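
As an added example (not part of the original post, and not ManageEngine or Apple code), the Python script below audits service ImagePath values for the 'unquoted service path' condition described above and reports the quoted value each flagged service should have. The service names and paths in SAMPLE_SERVICES are constructed; on Windows the script reads the real values from the registry instead.

```python
import re
import sys

# Constructed ImagePath values for hypothetical services (not from a real host).
SAMPLE_SERVICES = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Updater\svc.exe -k run",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\Agent\agent.exe" --service',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "DriverSvc": r"\SystemRoot\System32\drivers\example.sys",
    "SpaceInArgsOnly": r"C:\Tools\agent.exe --config C:\My Data\agent.ini",
}

# Executable portion = everything up to the first ".exe" followed by a space or end.
_EXE = re.compile(r"^(?P<exe>.+?\.exe)(?=\s|$)(?P<args>.*)$", re.IGNORECASE)

def quoted_fix(image_path):
    """Return the correctly quoted ImagePath if the value is an unquoted
    service path (no leading quote, space inside the executable path), else None."""
    value = image_path.strip()
    if value.startswith('"'):
        return None
    match = _EXE.match(value)
    if not match or " " not in match.group("exe"):
        return None
    return '"{}"{}'.format(match.group("exe"), match.group("args"))

def audit_services(services):
    """Map service name -> quoted replacement for every flagged service."""
    fixes = {name: quoted_fix(path) for name, path in services.items()}
    return {name: fix for name, fix in fixes.items() if fix}

def read_registry_services():
    """Read ImagePath for every service from the local registry (Windows only)."""
    import winreg
    root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services")
    found = {}
    for i in range(winreg.QueryInfoKey(root)[0]):
        name = winreg.EnumKey(root, i)
        try:
            with winreg.OpenKey(root, name) as key:
                found[name] = str(winreg.QueryValueEx(key, "ImagePath")[0])
        except OSError:
            continue  # service key without a readable ImagePath value
    return found

if __name__ == "__main__":
    services = read_registry_services() if sys.platform == "win32" else SAMPLE_SERVICES
    for name, fix in audit_services(services).items():
        print(f"{name}: unquoted service path, should be {fix}")
```

Environment variables such as %ProgramFiles% are not expanded by this check, so values that use them should be reviewed by hand.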


