• On GameSpot: Nintendo's Shigeru Miyamoto speaks out
November 10, 2008 3:13 PM PST

Apple fixes three iLife flaws

by Robert Vamosi

Apple released an update on Monday for iLife 8.0 and Aperture 2 running on Mac OS v10.4.9 through v10.4.11.

The update does not affect those running Mac OS X v10.5.5. The update affects system software components shared by all iLife '08 applications and, in most cases, the specific vulnerabilities could lead to application termination or arbitrary code execution. iLife Support 8.3.1 may be obtained from the Software Update pane in System Preferences or Apple's Software Downloads Web site.

ImageIO-1
This patch affects users of iLife 8 or Aperture 2 running on Mac OS v10.4.9 through v10.4.11. This update addresses the security issue detailed within CVE-2008-2327 in which viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. The issue has already been addressed in systems running Mac OS X v10.5.5. Apple credits itself for finding the vulnerability.

ImageIO-2
This patch affects users of iLife 8 or Aperture 2 running on Mac OS v10.4.9 through v10.4.11. This update addresses the security issue detailed within CVE-2008-2332 in which viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. The difference from the previous advisory is that this one involves a memory corruption issue exits in the handling of TIFF images. The issue has already been addressed in systems running Mac OS X v10.5.5. Apple credits Robert Swiecki of Google Security Team for finding the vulnerability.

ImageIO-3
This patch affects users of iLife 8 or Aperture 2 running on Mac OS v10.4.9 through v10.4.11. The update addresses the vulnerabilities detailed within CVE-2008-3608 in which viewing a large, maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution. Specifically, a memory corruption issue exists in ImageIO's handling of embedded ICC profiles in JPEG images. The issue has already been addressed in systems running Mac OS X v10.5.5. Apple credits itself for finding the vulnerability.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

News,

Vulnerabilities & attacks

Tags:

Apple,

iLife,

TIFF,

JPEG,

arbitrary code execution,

Mac OS X 10.5.5

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Security
Report: Problems stymie U.S. cyberspy protection
Symantec's Ramzan on solving the antivirus puzzle
Apple fixing iPhone SMS security hole
Waledac worm targeting July 4 spam offensive
ATM vendor gets security talk pulled from conferences
Postini: Google's take on e-mail security
Botnets lead the way for spam
Stallman warns of Mono 'risk'
Related
Add a Comment (Log in or register) (11 Comments)
  • prev
  • 1
  • next
by joetesta70 November 10, 2008 6:25 PM PST
Security issues, security issues, security issues.

Hi, I'm a Mac. LOL!
Reply to this comment
by Perry_Clease November 10, 2008 7:13 PM PST
"by joetesta70 November 10, 2008 6:25 PM PST
Security issues, security issues, security issues.

Hi, I'm a Mac. LOL!"

No Joe, you are not a Mac, you are a troll and a very immature one at that.
Reply to this comment
by gefitz November 10, 2008 7:43 PM PST
No, he's not a troll, just returning all the crap he hears on an almost daily basis from Apple about security issues.

Apple programmers aren't any better or worse than app programmers in an other world...if it was worth the effort hackers would be all over it exposing just as many holes.
Reply to this comment
by Below_The_Belt November 10, 2008 9:44 PM PST
http://mac.blorge.com/2008/11/09/experts-baffled-by-lack-of-malware/
by Ipopngraphics November 11, 2008 12:05 PM PST
after running through the first 100 news bits that came up when I launched CNET... I found 41 references to flaw issues with Vista. I found one referencing flaw issues with OS X.... nuf said.
by Khaled A. November 11, 2008 12:09 AM PST
thanks for the notice, running the Software Update...
Reply to this comment
by Ipopngraphics November 11, 2008 6:55 AM PST
Yes he IS a troll, but it's ok, the opportunities to pick on Mac software are so few and far between, we can be gracious enough to allow him the mind-blowing satisfaction of getting to say something bad about Apple and get it off his chest. The sooner he does that the sooner he'll go back to his roach infested sofa and bury himself in things that require the same amount of intelligence as opening a paper bag.
Reply to this comment
by Thomas, David November 11, 2008 7:14 AM PST
You know what? lpopngraphics is right, let them spout. Troubled souls need some way to vent their frustrations.
Reply to this comment
by Vegaman_Dan November 11, 2008 9:32 AM PST
And elitist snobs like you need the time to update your OS and then come up with ways to pretend it never happened and stick your head back in the sand.

Really, wake up and smell the rotting fruit sometime.
by Ipopngraphics November 11, 2008 11:17 AM PST
Elitist? ROFLMAO... RIGHT! I don't think my income qualifies me for such a lofty title, but thanks anyways. You think I buy Macs because I am rich? I buy them because I want the most for what little money I do have. Perhaps that "rotting smell" is something a little more close to home, I've heard that jealousy sometimes has that fermenting fruit aroma... or perhaps a shower might help....
Reply to this comment
by ittesi259 November 12, 2008 8:39 AM PST
Ya know, the fanboys make me embarrased to be a Mac user but the hateful other side make me glad I switched. Considering the fact that anyone with a current OS (already addressed in 10.5.5) is not affected thats not bad. I don't exactly remember any threads from yesterday from hateful windows people defending that MS had yet another monthly patch with even more vulnerabilities. Lets not forget this update had nothing to do with the OS but applications.
Reply to this comment
(11 Comments)
  • prev
  • 1
  • next
advertisement

Making sense of Windows 7 upgrades

faq The basics and the fine print on Microsoft's options for those eyeing the next operating system from Redmond.
• Full Windows 7 coverage

Road Trip 2009: Big Sky Country

CNET News reporter Daniel Terdiman takes his car full of gadgets to the Rockies and the Great Plains in search of tech, science, nature, and more.
• America's Fortress: Cheyenne Mountain

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET