site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2008-02-05 iPhoto 7.1.2 iPhoto 7.1.2 is now available and addresses the following issue: CVE-ID: CVE-2008-0043 Available for: iPhoto '08 7.1 Impact: Subscribing to a maliciously-crafted photocast may lead to arbitrary code execution Description: A format string vulnerability exists in iPhoto. By enticing a user to subscribe to a maliciously-crafted photocast, a remote attacker may cause arbitrary code execution. This update addresses the issue through improved handling of format strings when processing photocast subscriptions. Credit to Nathan McFeters of Ernst & Young's Advanced Security Center for reporting this issue. iPhoto 7.1.2 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: "iPhoto_712.dmg" Its SHA-1 digest is: d7ea54d2ecc4362b97aec563ffa2cb2d3e700bda Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: 9.7.0.1012 wsBVAwUBR6jXdMgAoqu4Rp5tAQhOygf9EZkLab28RRdkLrL1cbuWzjbW5tA2E6P+ Wf8SAFxVgwx0jlutijc8oPMa7rzVY6aXUsu2sRd/NpegFSH3FkalYmZufzHdx4NK r/vWLblS/2pJ4DwBcf3kh09inN4EyC7gYx1kiGUEnWVeRD1XX5TdiRuDcW1JO9D5 mGGMMLMY8S+RtnHB/3TxQADpE8aAo5m8R0JSlHeFJQnrvEH2XkDOEuiZJCaNJV9c VNKAyPW4H0b89nFWaECPhtZ3vUe+6tmBHx8lAPDRK2FwPJespkCo2UyQK+Jc7ND5 EKyaEWnQEfQoGAb5oT7YOE5wdvwZJJCRUdQUHDwB3qOLiZvICn9ZHA== =42o5 -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com