
In the hustle and bustle of product introductions today, another couple of software updates slipped out the door. The 16 MB iPhoto 7.1.2 update promises the "overall stability" we all crave, while the ProKit update (no link on Apple's site yet) "improves reliability for Apple's professional applications and is recommended for all users of Final Cut Studio, Final Cut Express, Aperture, Logic Studio and Logic Express."
Meanwhile, in a separate security bulletin (link as in the image), Apple acknowledged an iPhoto vulnerability that would allow a maliciously-crafted photocast to hijack your machine, if you were to subscribe to it; said vulnerability is now fixed in 7.1.2. Yikes. Full details after the jump.
Your mileage, as always, may vary.
Thanks Erik!
iPhoto 7.1.2 security info (from Apple):
CVE-ID: CVE-2008-0043
Available for: iPhoto '08 7.1
Impact: Subscribing to a maliciously-crafted photocast may lead to
arbitrary code execution
Description: A format string vulnerability exists in iPhoto. By
enticing a user to subscribe to a maliciously-crafted photocast, a
remote attacker may cause arbitrary code execution. This update
addresses the issue through improved handling of format strings when
processing photocast subscriptions. Credit to Nathan McFeters of
Ernst & Young's Advanced Security Center for reporting this issue.
iPhoto 7.1.2 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: "iPhoto_712.dmg"
Its SHA-1 digest is: d7ea54d2ecc4362b97aec563ffa2cb2d3e700bda
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798













Reader Comments (Page 1 of 1)
2-05-2008 @ 5:31PM
Lars said...
Hm, started Software Update - it hung with the spinning beach ball. Had to force quit it, no program would start after that and a reboot also hung (had to turn my iMac off by pressing the power button).
After a long boot up Spotlight is reindexing. I don't know what happened but it sure spooked me. I'm not touching those again until more people have. * shudders *
Reply
2-05-2008 @ 5:39PM
Paul Pinfield said...
Hi Lars
I upgraded without problem.
MBP, 10.5.2.
2-05-2008 @ 5:46PM
Macroy said...
I must have missed the 10.5.2 release today.
2-05-2008 @ 8:57PM
elitemrp said...
Do you have an external drive connected?
2-05-2008 @ 7:23PM
YodaMac said...
FYI- 10.5.2 was issued privately to developers last Thursday.
Reply
2-06-2008 @ 2:10AM
Macroy said...
Fine, I'll never be snarky again. :(
2-05-2008 @ 11:26PM
Eadnams said...
Sweet merciful crap! FCP stopped crashing in Leopard from certain plugins :D:D:D:D:D:D:D
Reply
2-06-2008 @ 6:27AM
Niklas said...
Still no 2008 in Aperture source list.
Reply
2-06-2008 @ 10:27AM
Rollins said...
No fix for the overload errors in Logic. A shame.
Reply
2-06-2008 @ 10:55AM
edwardsnh said...
Why, oh why won't apple store tags and comments in a jpgs iptc? I know you can import/export them, but this should be a default.
Oh well, just going to have to wait for the Mac version of Picasa coming later this year.
Reply