Apple delivers iPhoto patch

Summary:Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."The iPhoto 7.

Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."

The iPhoto 7.1.2 update patches CVE-2008-0043. According to Apple's advisory, a hacker cold lure a user to subscribe to a malicious photocast. From there, an attacker could launch a arbitrary code execution.

The update improves the handling of the format strings and subscription processing to plug the hole.

Nate McFeters at Ernst & Young's Advanced Security Center found the flaw.

You can download the latest iPhoto on Apple's support site.

Topics: Security, Apple

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.