Filed under: Software Update
iPhoto and ProKit updates hitting today
In the hustle and bustle of product introductions today, another couple of software updates slipped out the door. The 16 MB iPhoto 7.1.2 update promises the "overall stability" we all crave, while the ProKit update (no link on Apple's site yet) "improves reliability for Apple's professional applications and is recommended for all users of Final Cut Studio, Final Cut Express, Aperture, Logic Studio and Logic Express."
Meanwhile, in a separate security bulletin (link as in the image), Apple acknowledged an iPhoto vulnerability that would allow a maliciously-crafted photocast to hijack your machine, if you were to subscribe to it; said vulnerability is now fixed in 7.1.2. Yikes. Full details after the jump.
Your mileage, as always, may vary.
Thanks Erik!
iPhoto 7.1.2 security info (from Apple):
CVE-ID: CVE-2008-0043
Available for: iPhoto '08 7.1
Impact: Subscribing to a maliciously-crafted photocast may lead to
arbitrary code execution
Description: A format string vulnerability exists in iPhoto. By
enticing a user to subscribe to a maliciously-crafted photocast, a
remote attacker may cause arbitrary code execution. This update
addresses the issue through improved handling of format strings when
processing photocast subscriptions. Credit to Nathan McFeters of
Ernst & Young's Advanced Security Center for reporting this issue.
iPhoto 7.1.2 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: "iPhoto_712.dmg"
Its SHA-1 digest is: d7ea54d2ecc4362b97aec563ffa2cb2d3e700bda
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
Get a WordPress.com Blog
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Lars said 5:31PM on 2-05-2008
Hm, started Software Update - it hung with the spinning beach ball. Had to force quit it, no program would start after that and a reboot also hung (had to turn my iMac off by pressing the power button).
After a long boot up Spotlight is reindexing. I don't know what happened but it sure spooked me. I'm not touching those again until more people have. * shudders *
Reply
Paul Pinfield said 5:39PM on 2-05-2008
Hi Lars
I upgraded without problem.
MBP, 10.5.2.
Macroy said 5:46PM on 2-05-2008
I must have missed the 10.5.2 release today.
elitemrp said 8:57PM on 2-05-2008
Do you have an external drive connected?
YodaMac said 7:23PM on 2-05-2008
FYI- 10.5.2 was issued privately to developers last Thursday.
Reply
Macroy said 2:10AM on 2-06-2008
Fine, I'll never be snarky again. :(
Eadnams said 11:26PM on 2-05-2008
Sweet merciful crap! FCP stopped crashing in Leopard from certain plugins :D:D:D:D:D:D:D
Reply
Niklas said 6:27AM on 2-06-2008
Still no 2008 in Aperture source list.
Reply
edwardsnh said 10:55AM on 2-06-2008
Why, oh why won't apple store tags and comments in a jpgs iptc? I know you can import/export them, but this should be a default.
Oh well, just going to have to wait for the Mac version of Picasa coming later this year.
Reply
Rollins said 10:27AM on 2-06-2008
No fix for the overload errors in Logic. A shame.
Reply