iPhoto and ProKit updates hitting today
In the hustle and bustle of product introductions today, another couple of software updates slipped out the door. The 16 MB iPhoto 7.1.2 update promises the "overall stability" we all crave, while the ProKit update (no link on Apple's site yet) "improves reliability for Apple's professional applications and is recommended for all users of Final Cut Studio, Final Cut Express, Aperture, Logic Studio and Logic Express."
Meanwhile, in a separate security bulletin (link as in the image), Apple acknowledged an iPhoto vulnerability that would allow a maliciously-crafted photocast to hijack your machine, if you were to subscribe to it; said vulnerability is now fixed in 7.1.2. Yikes. Full details after the jump.
Your mileage, as always, may vary.
Thanks Erik!
iPhoto 7.1.2 security info (from Apple):
CVE-ID: CVE-2008-0043
Available for: iPhoto '08 7.1
Impact: Subscribing to a maliciously-crafted photocast may lead to
arbitrary code execution
Description: A format string vulnerability exists in iPhoto. By
enticing a user to subscribe to a maliciously-crafted photocast, a
remote attacker may cause arbitrary code execution. This update
addresses the issue through improved handling of format strings when
processing photocast subscriptions. Credit to Nathan McFeters of
Ernst & Young's Advanced Security Center for reporting this issue.
iPhoto 7.1.2 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: "iPhoto_712.dmg"
Its SHA-1 digest is: d7ea54d2ecc4362b97aec563ffa2cb2d3e700bda
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
