February 5, 2008 1:58 PM PST

Apple updates iPhoto 7.1.2 with a security fix

by Robert Vamosi

On Tuesday, Apple issued a security update for iPhoto. The update is for users of Mac OS X v10.4.9 or later running iPhoto '08 (part of iLife 08). It addresses the vulnerability detailed in CVE-2008-0043.

To be vulnerable, Apple says, a user must subscribe to a maliciously crafted photocast. A remote attacker may then execute arbitrary code on the compromised machine. The fix addresses how iPhoto handles format strings when processing photocast subscriptions.

Apple credits Nathan McFeters of Ernst & Young's Advanced Security Center for reporting this vulnerability.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.

Topics:: Security

Tags:: security,; Apple,; iPhoto

Share:: Digg; Del.icio.us; Reddit; Facebook

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

Inside CNET News

Scroll Left Scroll Right

Business Tech
Week in review: A speedier new Firefox
Mozilla's latest version plays catch-up with the browser competition. Also: the latest in Windows 7 news, and a Yahoo data center in a new shade of green.
Gallery
Photos: 'Train warriors, test weapons'
Technically Incorrect
After Wikipedia, Jockipedia
A new site collates the social-networking activity of sports people, tabulated by name, league, and country.
Beyond Binary
Windows 7 may get a 'Family Pack'
Enthusiasts have spotted wording in a leaked test build of the operating system that suggests Microsoft may offer a three-PC deal with the new Windows.
Video
Video: iPhone 3G S launch in New York City
Wireless
Nokia Android rumors earn outright denial
Handset maker issues an "outright denial" to a report that it will launch a touch-screen Android device this fall.
Video
A recipe for high-tech chocolate
Geek Gestalt
In Utah desert, Air Force lets the bombs fly
At the massive Utah Test & Training Range, the Air Force 'trains warriors and tests weapons,' running more than 15,000 sorties a year to ensure that bomber pilots are properly trained, and that weapons work the way they should.
The Space Shot
Lunar mapping satellite snaps first test images
NASA's Lunar Reconnaissance Orbiter has snapped its first test images, showing the moon's starkly cratered terrain in preparation for the start of mapping operations.
Gallery
Photos: Spiral Jetty, Robert Smithson's wondrous earthwork
Webware
URL shortening is hot--but look before you leap
Fueled by Twitter's popularity, services to abbreviate Web addresses are taking off. They bring a host of problems, but some are working to fix them.
Green Tech
Best Buy shifts into electric vehicles sales
The Enertia electric motorcycle from Brammo is now available at Best Buy, which sees a close tie between consumer electronics and electric vehicles.