Security vendor Secunia on Tuesday warned that iTunes 4.x suffers from a vulnerability "caused due to a boundary error within the handling of .m3u and .pls playlists." The bug, said Secunia, can be exploited by a maliciously-crafted playlist to cause a buffer overflow on the target computer, which could then let the hacker gain complete control of the machine.
"Successful exploitation may allow execution of arbitrary code," Secunia stated in its alert.
The solution, said Secunia, is to update to the newest version of the iTunes software, labeled 4.7.1, which was posted on the Apple site Tuesday.