Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."
The iPhoto 7.1.2 update patches CVE-2008-0043. According to Apple's advisory, a hacker cold lure a user to subscribe to a malicious photocast. From there, an attacker could launch a arbitrary code execution.
The update improves the handling of the format strings and subscription processing to plug the hole.
Nate McFeters at Ernst & Young's Advanced Security Center found the flaw.
You can download the latest iPhoto on Apple's support site.