Critical Flaw Found in Apple's iTunes

Security firm eEye Digital Security on Thursday warned of a critical flaw in Apple's iTunes software that could allow for remote code execution, and has rated it as a high-risk vulnerability. The flaw affects both iTunes for Windows and Mac OS X on "various" versions of the software.
According to the advisory, a flaw exists "that allows arbitrary code to be executed in the context of the logged in user." The discovery comes just a few days after Apple patched another security hole in the Windows version of iTunes. That vulnerability involved using the iTunes 5 helper application to launch a potentially malicious program.