iPhoto and ProKit updates hitting today
In the hustle and bustle of product introductions today, another couple of software updates slipped out the door. The 16 MB iPhoto 7.1.2 update promises the "overall stability" we all crave, while the ProKit update (no link on Apple's site yet) "improves reliability for Apple's professional applications and is recommended for all users of Final Cut Studio, Final Cut Express, Aperture, Logic Studio and Logic Express."
Meanwhile, in a separate security bulletin (link as in the image), Apple acknowledged an iPhoto vulnerability that would allow a maliciously-crafted photocast to hijack your machine, if you were to subscribe to it; said vulnerability is now fixed in 7.1.2. Yikes. Full details after the jump.
Your mileage, as always, may vary.
iPhoto 7.1.2 security info (from Apple):
Available for: iPhoto '08 7.1
Impact: Subscribing to a maliciously-crafted photocast may lead to
arbitrary code execution
Description: A format string vulnerability exists in iPhoto. By
enticing a user to subscribe to a maliciously-crafted photocast, a
remote attacker may cause arbitrary code execution. This update
addresses the issue through improved handling of format strings when
processing photocast subscriptions. Credit to Nathan McFeters of
Ernst & Young's Advanced Security Center for reporting this issue.
iPhoto 7.1.2 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
The download file is named: "iPhoto_712.dmg"
Its SHA-1 digest is: d7ea54d2ecc4362b97aec563ffa2cb2d3e700bda
Information will also be posted to the Apple Product Security
Subscribe to Newsletter
Software Updatesmore updates
- Dropbox adds support for TouchID
- YouTube for iOS gets updated with full support for iPhone 6 and 6 Plus
- iOS 8.0.1 update now available (Updated -- Don't update!)
- NFL Mobile updated for 2014 Season with new Fantasy Football features, NFL Now integration
- Yahoo Mail improves email inbox searching with new filtering options
- Ember for Mac gains 'hugely-requested' screen recording feature