Skip to Content

Free TUAW iPhone app -- try it now!
AOL Tech

Filed under: Software Update

iPhoto and ProKit updates hitting today


In the hustle and bustle of product introductions today, another couple of software updates slipped out the door. The 16 MB iPhoto 7.1.2 update promises the "overall stability" we all crave, while the ProKit update (no link on Apple's site yet) "improves reliability for Apple's professional applications and is recommended for all users of Final Cut Studio, Final Cut Express, Aperture, Logic Studio and Logic Express."

Meanwhile, in a separate security bulletin (link as in the image), Apple acknowledged an iPhoto vulnerability that would allow a maliciously-crafted photocast to hijack your machine, if you were to subscribe to it; said vulnerability is now fixed in 7.1.2. Yikes. Full details after the jump.

Your mileage, as always, may vary.

Thanks Erik!

iPhoto 7.1.2 security info (from Apple):

CVE-ID: CVE-2008-0043
Available for: iPhoto '08 7.1
Impact: Subscribing to a maliciously-crafted photocast may lead to
arbitrary code execution
Description: A format string vulnerability exists in iPhoto. By
enticing a user to subscribe to a maliciously-crafted photocast, a
remote attacker may cause arbitrary code execution. This update
addresses the issue through improved handling of format strings when
processing photocast subscriptions. Credit to Nathan McFeters of
Ernst & Young's Advanced Security Center for reporting this issue.

iPhoto 7.1.2 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named: "iPhoto_712.dmg"
Its SHA-1 digest is: d7ea54d2ecc4362b97aec563ffa2cb2d3e700bda

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

Reader Comments (Page 1 of 1)

Tip of the Day

Holding the Command key (aka the Apple key) and pressing Tab will cycle through your open applications. It's easier to Cmd-Tab if you are Copy (Cmd-C) and Pasting (Cmd-V) to and from various applications.


Follow us on Twitter!
 TUAW [Cafepress]

Featured Galleries

DNC Macs
Macworld 2008 Keynote
Macworld 2008 Build-up
Google Earth for iPhone
Podcaster
Storyist 2.0
AT&T Navigator Road Test
Bento for iPhone 1.0
Scrabble for iPhone
Tom Bihn Checkpoint Flyer Briefcase
Apple Vanity Plates
Apple booth Macworld 07
WorldVoice Radio
Quickoffice for iPhone 1.1.1
Daylite 3.9 Review
DiscPainter
Mariner Calc for iPhone
2009CupertinoBus
Crash Bandicoot Nitro Kart 3D
MLB.com At Bat 2009
Macworld Expo 2007 show floor

 

More Apple Analysis

AOL Radio TUAW on Stitcher