I suppose the attack exposure is low for iTunes, but this one does include a certificate validation fix for both OS X and Windows that could arguably be used to hijack the updater. Better load this one up soon, folks.
The latest iTunes update is available, fixing 41 vulnerabilities on Windows and one on OS X. The update includes fixes for bugs reported as far back as April 2012, as well as the famous Pinkie Pie vulnerability disclosed at last year's Google Pwnium 2 contest.
I would like to say "Wait before you patch," but I think that is terrible advice. On critical servers it is a good idea to test, but this wasn't an obvious thing to find.
All change brings risk? The risk of patches failing is almost always lower than the risk of compromise. My lesson? Deal with it. Patching is always the better bet, even if it goes wrong once in a while. Not patching goes wrong almost always.
Maybe it is time for the US to nationalize data breach notification laws. This patchwork of "Hey, you live in Michigan? You're screwed, but you might never know. Oh, you live in North Dakota? You will at least find out when you're screwed" has got to stop.
The US states of Vermont and North Dakota recently amended their data breach notification laws to cover more organizations and to include medical records not currently protected under HIPAA. Meanwhile, the state of Michigan lost 49,000 names, birth dates and cancer screening results, and claims they are not "medical records". What do you think?