This Metasploit modules exploits a stack-based buffer overflow in iTunes itms:// URL parsing. It is accessible from the browser and in Safari, itms urls will be opened in iTunes automatically. Because iTunes is multithreaded, only vfork-based payloads should be used.
3cb12bf18862a6b8d19ec162dc207e19cb5f515c8eb78c636ca9c004868e964d