Current Event: ITunes vulnerability leak user credentials
The recently released ITunes 8.1 closed two major security gaps from the previous version. According to Apple, until the latest release, maliciously crafted podcasts could cause ITunes to ask user for credentials but send the username and password to a destination other than Apple’s server. Furthermore, a bug in the ITunes DAAP protocol allowed attackers to send messages with specific Content-length fields causing an infinite loop, and thus a denial of service, to Windows users.
Reference: ZDNet