Secunia reports that it found a vulnerability in iTunes. The hole is described by the security company as "highly critical", which is their second highest threat level.
The level means that malware can gain full system access to the computer, but so far there is no evidence of attack in circulation.
The vulnerability is due to an error in how the program handles itpc: / / links (iTunes protocol). Especially crafted URLs using this protocol can lead to buffer overflow errors, which in turn allows execution of arbitrary code.The hole, however, should be sealed in the latest version.
iTunes 9.2.1 was released on Monday this week, and both Secunia and Apple urges users to upgrade.
