Apple has released a new version of its iTunes software that includes fixes for nearly 60 vulnerabilities, including several bugs that could be used to run remote code on vulnerable machines. Many of the vulnerabilities lie in the open source WebKit layout engine that underpins iTunes. Apple recommends that users download the new version immediately. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution, Apple said in its advisory. The non-WebKit bugs fixed in iTunes are equally as serious, with several of them capable of being used for remote code execution.
Source: https://threatpost.com/apple-fixes-nearly-60-bugs-itunes-102-release-030311/74992/