Apple ships patch for iLife security flaws
Apple has shipped a major iLife security update to fix three documented vulnerabilities that could expose Mac OS X users to arbitrary code execution attacks.
![ryan-naraine.jpg](https://www.zdnet.com/a/img/resize/58705b1ab848cb0209d7d7d504dffaab176d93aa/2014/07/22/4b4e2273-1175-11e4-9732-00505685119a/ryan-naraine.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
![Apple ships patch for iLife security flaws](https://www.zdnet.com/a/img/2014/10/04/1e3647ec-4b64-11e4-b6a0-d4ae52e95e57/ilifebox.jpg)
The flaws patched with the new iLife Support 8.3.1 could be exploited via specially crafted TIFF or JPEG images, Apple warned in an advisory.
Some raw details:
- CVE-2008-2327: (iLife 8.0 or Aperture 2, on Mac OS v10.4.9 through v10.4.11) Multiple uninitialized memory access issues exist in libTIFF's handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This flaw was discovered internally by Apple's security team.
- CVE-2008-2332: (iLife 8.0 or Aperture 2, on Mac OS v10.4.9 through v10.4.11) A memory corruption issue exists in the handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. Robert Swiecki of Google Security Team is credited with finding and reporting this vulnerability.
- CVE-2008-3608: (iLife 8.0 or Aperture 2, on Mac OS v10.4.9 through v10.4.11) A memory corruption issue exists in ImageIO's handling of embedded ICC profiles in JPEG images. Viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution. This bug was discovered internally by Apple's security team.