Apple Releases Security Fix for iPhoto, Version 6.0.6

· by · News

Apple, Inc. has released a security fix for iPhoto on Tuesday which addresses CVE-2007-0051. The fix brings iPhoto to version 6.0.6. The news was posted on the "security-announce" list at lists.apple.com. The announcement provided these details:

Impact: Subscribing to a maliciously-crafted photocast may lead to arbitrary code execution.

Description: A format string vulnerability exists in iPhoto. By enticing a user to subscribe to a maliciously-crafted photocast, a remote attacker can trigger the vulnerability which may lead to arbitrary code execution. This has been described on the Month of Apple Bugs web site (MOAB-04-01-2007). This update addresses the issue by performing additional validation while handling photocast subscriptions. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.

iPhoto 6.0.6 is available from the Software Update pane in System Preferences or Appleis Software Downloads Web site.

John Martellaro

John Martellaro

John Martellaro was born at an early age and began writing about computers soon after that. He is a former U.S. Air Force officer and has worked for NASA, White Sands Missile Range, Lockheed Martin Astronautics, the Oak Ridge National Laboratory and Apple. At Apple he worked as a Senior Marketing Manager, a Federal Account Executive and a High Performance Computing manager. His interests include skiing, chess, science fiction and astronomy. You can follow John on Twitter at twitter.com/jmartellaro.

Sign Up for the Newsletter

Enter a valid email address

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Adding to list…

No Comments

Add your comment

Commenting is not available in this channel entry.