iTunes, the digital media player developed and maintained by Apple has been updated to version 9.0.1. The update is meant to fix a couple of bugs, but that is not all. iTunes 9.0.1 also plugs a security hole which affects iTunes on several platforms: Mac OS X 10.4 Tiger and later, Mac OS X Server 10.4 and later, Windows XP, Vista and even Windows 7. The security vulnerability refers to the fact that if the user opens a maliciously crafted .pls file, this may lead to the application terminating unexpectedly or it may lead to arbitrary code execution.

Here are the bugs that iTunes 9.0.1 fixes:

• Resolves issues browsing the iTunes Store.
  
• Addresses a performance issue where iTunes may become unresponsive.
  
• Fixes a problem where iTunes may unexpectedly quit.
  
• Fixes a problem syncing Podcasts in playlists to iPod or iPhone.
  
• Fixes a problem sorting albums with multiple discs.
  
• Addresses an issue with the Zoom button not switching to Mini Player.
  
• Improves application syncing for iPod touch and iPhone.
  
• Genius is now automatically updated to show Genius Mixes.

And here is the description of the security hole it plugs:
CVE-2009-2817
A buffer overflow exists in the handling of .pls files. Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

Apple upgraded iTunes to version 9.0 earlier this month, as some of you may very well remember. The new version brought forth several new features, including:

• New look for the app and iTunes Store
  
• Share your iTunes library with up to 5 authorized computers.
  
• Improved syncing
  
• Enhanced App Management
  
• New music format called iTunes LP
  
• Genius Mixes puts together a playlist composed of songs it thinks go well together
  
• iTunes U items are organized in their own section of iTunes library
  
• About 30,000 ringtones available for purchase.