Tech
Apple delivers iPhoto patch
Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."The iPhoto 7.
![larry-dignan-eic.jpg](https://www.zdnet.com/a/img/resize/ad5eaccb545ef683588243a9891d5f678df042df/2017/04/26/eb462fe7-e39e-43ba-abbd-c4ca2442306e/larry-dignan-eic.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability."
The iPhoto 7.1.2 update patches CVE-2008-0043. According to Apple's advisory, a hacker cold lure a user to subscribe to a malicious photocast. From there, an attacker could launch a arbitrary code execution.
The update improves the handling of the format strings and subscription processing to plug the hole.
Nate McFeters at Ernst & Young's Advanced Security Center found the flaw.
You can download the latest iPhoto on Apple's support site.