Why would you accept an iTunes playlist from somebody you don't know? If you do, you run the risk of bad things happening (like it really being an applescript rather than a playlist).

Nothing can stop social engineering exploits. This is true for all operating systems, not just OSX or Windows.

As Intruder says, "Why would you accept an iTunes playlist from somebody you don't know?" If someone is stupid enough to do this, then probably are smart enough to turn on firewall or keep their Anti spyware up to date regardless.

and i would dispute the market share theory, as Apple market shares has gone up .7% (as in POINT 7) i cant imagine that makes apple that much more of an attractive target to anyone. Even when macs enjoyed 5-10% market share, viruses weren't all that common.

He says he's seen attacks, but doesn't give any examples. WTF?

You and the next couple of posters deride others as being "stupid enough" to accept playlists from someone than maybe they deserve what happens to them. Well, I am a pretty competent computer using professional who likes the fact that iTunes is included on my work computer ( aluminum Powerbook 15"); I see it as a nice value added feature to my working environment. As such I don't spend time worrying about how the program works.

I've been in several locations where others playlists/libraries show up in my iTunes window. Is this the potentially dangerous exploit being referred to here? If so how do I turn it off? I may be uninformed about the usage of iTunes but I fail to see how that connects to the "I deserve what I get" implications of your comments.

How about simply saying, "Yeah, the threat is real and many people don't know how to counter it. Here's what you do to prevent this from happening to you..." Well enough of my rant, I guess I'm now off to find out how to fix the problem instead of deriding others for not having known this ahead of time. A quick search in iTunes help using the terms "playlist sharing" brings up several results that may be the answer...

Go to Preferences>sharing... and turn off "Look for shared music."

I never said anything about being "stupid enough" to accept playlists. Nor did I say that people deserve what they get. What I said what that if one accepts a playlist from somebody you don't know (and that could come from several paths, not just through bonjour) then you are inherently running a risk. That is an undeniable fact. Please don't put words in my mouth.

As the author of the article was completely UNCLEAR about the actual exploits, I do not know if what you are seeing is actually the exploit vector. Since you can export playlists (file>export song list), it may be that it only happens with lists that are e-mailed. Since the author failed to tell us what the actual exploit is, we can only guess.

Social engineering exploits work on people's inherent curiosity (the "I wonder what this big red button does" scenario), which is why they are so hard to defeat. Best defense is to not click on or open any attachment (in the case of e-mail) from somebody you do not know. That is true for any level of user on any OS.