According to a warning from Apple, a "design issue" in the iTunes podcast feature can be abused via rigged audio files to cause an authentication dialog to be presented to the user. From that dialog, a hacker can hijack iTunes credentials and upload it to the podcast server.
From Apple's advisory:
- A design issue exists in the iTunes podcast feature. A subscription to a malicious podcast may cause an authentication dialog to be presented to the user. This dialog may entice the user to send iTunes credentials to the podcast server.
Apple has shipped a patch in iTunes 8.1 to clarify the origin of the authentication request in the dialog box.
The iTunes update also corrects a denial-of-service flaw that can be caused via maliciously crafted DAAP messages.
- An infinite loop exists in the handling of iTunes Digital Audio Access Protocol (DAAP) messages. Sending a message containing a maliciously crafted Content-Length parameter in the DAAP header may lead to a denial of service. This update addresses the issue by performing additional validation of DAAP messages.