Recently, Morphisec Labs researchers revealed that a hacker organization is using Bonjour components of zero-day vulnerabilities to attack, which is likely to affect the user to install iTunes and iCloud applications for Windows. In fact, when you use your computer, often you find a software called Bonjour.
Bonjour is a trade name server search protocol of Apple after the operating system development version of Mac OS X 10.2 introduced. Bonjour Updater is bundled with iTunes and iCloud download components of. Most notably, due Bonjour Updater is installed on your system as a separate process, so even if we uninstall iTunes and iCloud, Bonjour will not be deleted. This is the ultimate cause of Bonjour on many Windows computers can be retained. It seems Bonjour update may exist on your computer or mobile phone.
Morphisec Labs researchers discovered a loophole service route is not referenced in the Bonjour update program. When the file path name of the executable file contains a flaw and no double quotation marks ( "\\") enclose, vulnerability occurs. Hackers can embed malicious executable file in the file path, trick legitimate applications and execute malicious programs to evade detection by security exploit this vulnerability.
Morphisec Labs researchers found that after the attacks, they immediately shared the details of the attack and Apple executives. Apple recently released a Windows version of iCloud 10.7, Windows version iCloud 7.14 and Windows versions of iTunes 12.10.1, in order to resolve this vulnerability.
Via: ArsTechnica