A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution. A heap buffer overflow issue existed in ImageIO’s handling of JPEG images. Processing a maliciously crafted XML file may result in an unexpected app termination. A memory corruption issue exists in libxml’s XPath handling of XPath expressions. A buffer overflow existed in libTIFF’s. handling of CCITT Group 4 encoded TIFF images. Viewing a malicious. crafted TIFF image may result.
Source: https://thehackernews.com/2011/03/itunes-102-fixes-multiple-security.html