Apple delivers iPhoto patch

Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."The iPhoto 7.

Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."

The iPhoto 7.1.2 update patches CVE-2008-0043. According to Apple's advisory, a hacker cold lure a user to subscribe to a malicious photocast. From there, an attacker could launch a arbitrary code execution.

The update improves the handling of the format strings and subscription processing to plug the hole.

Nate McFeters at Ernst & Young's Advanced Security Center found the flaw.

You can download the latest iPhoto on Apple's support site.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All