Apple delivers iPhoto patch

Apple delivers iPhoto patch

Summary: Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."The iPhoto 7.

TOPICS: Security, Apple

Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."

The iPhoto 7.1.2 update patches CVE-2008-0043. According to Apple's advisory, a hacker cold lure a user to subscribe to a malicious photocast. From there, an attacker could launch a arbitrary code execution.

The update improves the handling of the format strings and subscription processing to plug the hole.

Nate McFeters at Ernst & Young's Advanced Security Center found the flaw.

You can download the latest iPhoto on Apple's support site.

Topics: Security, Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Does this affect Windows or does it only target OS X?

    Just wondering if I should worry about this?
  • RE: Apple delivers iPhoto patch


    I discovered the vulnerability, but I've not tested it on a Windows environment. The
    vulnerability exists in iPhoto, which I don't believe exists for Windows, so I guess the
    answer is no.