iTunes 10 addresses 13 security vulnerabilities
Apart from adding new components such as the Ping social network, Apple has also improved the popular media player's security in iTunes 10, closing 13 critical holes in the Windows version of the program.
All of the holes are contained in the program's open source WebKit browser engine component and can be exploited to inject and execute code via specially crafted web pages. In late July, Apple had already fixed the same holes in Safari 5.0.1 and 4.1.1, as these browsers also use WebKit to render HTML pages.
The iTunes AirPlay feature now also allows users to transmit music wirelessly to suitable systems such as those sold by Bowers & Wilkins, Denon and other vendors.
- About the security content of iTunes 10, security advisory from Apple.