A zero-day vulnerability in Bonjour, Apple's software updater for Windows, has been actively exploited by BitPaymer ransomware operators since August. At that time, several automotive and financial companies were targeted. Bonjour, designed to keep Apple apps up to date on Windows machines, is automatically installed with iTunes and iCloud for Windows. Even when those applications are uninstalled, Bonjour is not removed automatically and remains active on the system. This enabled attackers to infect large numbers of corporate computers by exploiting an "unquoted-path" vulnerability in Bonjour. Additionally, the updater is signed by Apple, which further helps the attackers evade detection.
Apple patched the exploited vulnerability on October 7 in the release of iTunes 12.10.1 for Windows and iCloud for Windows 7.14/10.7.
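A defender-side check for the unquoted-path class mentioned above, as an added example that is not from the original article or from Apple: it flags Windows service `ImagePath` values whose executable path contains spaces but is not quoted (Windows can resolve such a path to an unintended executable), and proposes the quoted form. The function names are hypothetical, and the service names and paths are constructed sample data.

```python
import re

# Executable part of an ImagePath: shortest prefix ending in ".exe",
# followed by end of string or whitespace-separated arguments.
_EXE = re.compile(r"^(.*?\.exe)(\s.*)?$", re.IGNORECASE)


def check_image_path(image_path):
    """Return (risky, suggested_value) for one service ImagePath string."""
    value = image_path.strip()
    if value.startswith('"'):
        return False, None              # executable path is already quoted
    match = _EXE.match(value)
    if not match:
        return False, None              # not an .exe command line (e.g. a .sys driver)
    exe, args = match.group(1), match.group(2) or ""
    if " " not in exe:
        return False, None              # no spaces, so the path is unambiguous
    return True, f'"{exe}"{args}'       # quote only the executable, keep arguments


def audit(services):
    """Map service name -> suggested quoted ImagePath for every risky entry."""
    findings = {}
    for name, image_path in services.items():
        risky, fix = check_image_path(image_path)
        if risky:
            findings[name] = fix
    return findings


# Constructed sample data (not taken from the article or from a real host).
SAMPLE_SERVICES = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Updater\updater.exe /service",
    "QuotedService": r'"C:\Program Files\Example Vendor\Agent\agent.exe" -run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "KernelDriver": r"\SystemRoot\System32\drivers\example.sys",
}

if __name__ == "__main__":
    for name, fix in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces; set ImagePath to {fix}")
```

Values that use environment variables such as `%ProgramFiles%` are compared literally here, so expand them before checking entries exported from a live system.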