Available for: Mac OS X v10.4.10 or later, Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in iTunes when parsing "itms:" URLs. Accessing a maliciously crafted "itms:" URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Rob King of TippingPoint DVLabs, and Will Drewry for reporting this issue.