Apple Releases Security Fix for iPhoto, Version 6.0.6

by , 4:55 PM EDT, March 13th, 2007

Apple, Inc. has released a security fix for iPhoto on Tuesday which addresses CVE-2007-0051. The fix brings iPhoto to version 6.0.6. The news was posted on the "security-announce" list at lists.apple.com. The announcement provided these details:

Impact: Subscribing to a maliciously-crafted photocast may lead to arbitrary code execution.

Description: A format string vulnerability exists in iPhoto. By enticing a user to subscribe to a maliciously-crafted photocast, a remote attacker can trigger the vulnerability which may lead to arbitrary code execution. This has been described on the Month of Apple Bugs web site (MOAB-04-01-2007). This update addresses the issue by performing additional validation while handling photocast subscriptions. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.

iPhoto 6.0.6 is available from the Software Update pane in System Preferences or Apple's Software Downloads Web site.

Digg!