• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
APPLE-SA-2008-02-05 iPhoto 7.1.2
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2008-02-05 iPhoto 7.1.2

  • Subject: APPLE-SA-2008-02-05 iPhoto 7.1.2
  • From: Apple Product Security <email@hidden>
  • Date: Tue, 5 Feb 2008 13:40:36 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-02-05 iPhoto 7.1.2

iPhoto 7.1.2 is now available and addresses the following issue:

CVE-ID:  CVE-2008-0043
Available for:  iPhoto '08 7.1
Impact:  Subscribing to a maliciously-crafted photocast may lead to
arbitrary code execution
Description:  A format string vulnerability exists in iPhoto. By
enticing a user to subscribe to a maliciously-crafted photocast, a
remote attacker may cause arbitrary code execution. This update
addresses the issue through improved handling of format strings when
processing photocast subscriptions. Credit to Nathan McFeters of
Ernst & Young's Advanced Security Center for reporting this issue.

iPhoto 7.1.2 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named:  "iPhoto_712.dmg"
Its SHA-1 digest is:  d7ea54d2ecc4362b97aec563ffa2cb2d3e700bda

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: 9.7.0.1012

wsBVAwUBR6jXdMgAoqu4Rp5tAQhOygf9EZkLab28RRdkLrL1cbuWzjbW5tA2E6P+
Wf8SAFxVgwx0jlutijc8oPMa7rzVY6aXUsu2sRd/NpegFSH3FkalYmZufzHdx4NK
r/vWLblS/2pJ4DwBcf3kh09inN4EyC7gYx1kiGUEnWVeRD1XX5TdiRuDcW1JO9D5
mGGMMLMY8S+RtnHB/3TxQADpE8aAo5m8R0JSlHeFJQnrvEH2XkDOEuiZJCaNJV9c
VNKAyPW4H0b89nFWaECPhtZ3vUe+6tmBHx8lAPDRK2FwPJespkCo2UyQK+Jc7ND5
EKyaEWnQEfQoGAb5oT7YOE5wdvwZJJCRUdQUHDwB3qOLiZvICn9ZHA==
=42o5
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




    

  • Next by Date:
APPLE-SA-2008-02-06 QuickTime 7.4.1

    • 

  • Next by thread:
APPLE-SA-2008-02-06 QuickTime 7.4.1

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •