Home / mailings APPLE-SA-2008-02-05 iPhoto 7.1.2
Posted on 05 February 2008
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2008-02-05 iPhoto 7.1.2
iPhoto 7.1.2 is now available and addresses the following issue:
CVE-ID: CVE-2008-0043
Available for: iPhoto '08 7.1
Impact: Subscribing to a maliciously-crafted photocast may lead to
arbitrary code execution
Description: A format string vulnerability exists in iPhoto. By
enticing a user to subscribe to a maliciously-crafted photocast, a
remote attacker may cause arbitrary code execution. This update
addresses the issue through improved handling of format strings when
processing photocast subscriptions. Credit to Nathan McFeters of
Ernst & Young's Advanced Security Center for reporting this issue.
iPhoto 7.1.2 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: "iPhoto_712.dmg"
Its SHA-1 digest is: d7ea54d2ecc4362b97aec563ffa2cb2d3e700bda
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
