The attack, which Websense has dubbed LizaMoon, injects a single line of code into websites that sends the user to a well-known fake security software site at defender-uqko.in.
Some of the code has been spotted in iTunes URLs; however, Websense believes Apple's security policies likely blocked any attack:
The way iTunes works is that it downloads RSS/XML feeds from the publisher to update the podcast and list of available episodes. We believe that these RSS/XML feeds have been compromised with the injected code. The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer.