Apple on Thursday released iTunes 8.1, which includes a fix for a vulnerability that could lead to theft of usernames and passwords if a podcast containing malware were subscribed to.
The software update addresses a design issue in the iTunes podcast feature that made it possible for a subscription to a malicious podcast to cause an authentication dialog to be displayed that could prompt the user for log-in credentials to the podcast server, Apple's advisory said.
The issue affects Mac OS X v 10.4.10 and later. The issue was reported by Simon Bellwood.
iTunes 8.1 also fixes a vulnerability that could allow maliciously crafted Digital Audio Access Protocol messages to cause a denial of service on computers running Windows XP or Vista. Fortinet's Fortiguard Global Security Research team is credited with discovering this bug.