Apple has issued an advisory to warn that malicious hackers can rig audio files to hijack usernames and passwords from its popular iTunes media player. The company described the bug as a design issue in the iTunes podcast feature can be abused via rigged audio files. A subscription to a malicious podcast may cause an authentication dialog to be presented to the user. From that dialog, a hacker can hijack iTunes credentials and upload it to the podcast server. Apple has shipped a patch in iTunes 8.1.
Source: https://threatpost.com/apple-patches-itunes-password-stealing-hole-031309/72543/