Must Read: Sorry, but bringing back the Start menu won't help Windows 8

Topic: Security

Apple delivers iPhoto patch

Summary: Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."The iPhoto 7.

Larry Dignan

By for Zero Day |

Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."

The iPhoto 7.1.2 update patches CVE-2008-0043. According to Apple's advisory, a hacker cold lure a user to subscribe to a malicious photocast. From there, an attacker could launch a arbitrary code execution.

The update improves the handling of the format strings and subscription processing to plug the hole.

Nate McFeters at Ernst & Young's Advanced Security Center found the flaw.

You can download the latest iPhoto on Apple's support site.

Topics: Security, Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion

  • Does this affect Windows or does it only target OS X?

    Just wondering if I should worry about this?
    NonZealot
    Reply Vote

  • RE: Apple delivers iPhoto patch

    Hello,

    I discovered the vulnerability, but I've not tested it on a Windows environment. The
    vulnerability exists in iPhoto, which I don't believe exists for Windows, so I guess the
    answer is no.

    Nate
    nmcfeters
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close