Apple has shipped iTunes 9.0.1 to fix a critical security hole that puts Mac and Windows users at risk of computer takeover attacks. The vulnerability could be used by hackers to launch code execution attacks via booby-trapped .pls files, Apple warned in an advisory. The update is available for Mac OS X v10.4.11 or later. Windows XP, Vista and Windows 7 users are also at risk from the bug. This update addresses the issue through improved bounds checking.
Source: https://threatpost.com/apple-zaps-critical-itunes-security-bug-092309/72216/