Apple Releases Security Fix for iPhoto, Version 6.0.6

Apple, Inc. released a security fix for iPhoto on Tuesday that addresses CVE-2007-0051. The fix brings iPhoto to version 6.0.6.
The news was posted on the “security-announce” list at lists.apple.com. The announcement provided these details:

Impact: Subscribing to a maliciously-crafted photocast may lead
to arbitrary code execution.

Description: A format string vulnerability exists in iPhoto. By
enticing a user to subscribe to a maliciously-crafted photocast,
a remote attacker can trigger the vulnerability which may lead
to arbitrary code execution. This has been described on the
Month of Apple Bugs web site (MOAB-04-01-2007). This update
addresses the issue by performing additional validation while
handling photocast subscriptions. Credit to Kevin Finisterre of
DigitalMunition for reporting this issue.

iPhoto 6.0.6 is available from the Software Update pane in
System Preferences or Apple's Software Downloads Web site.
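
The bug class named in the announcement, shown as an added example that is not Apple's code and not part of the announcement: untrusted text must be passed to printf-style functions as data, never as the format, and input validation can flag conversion specifiers before use. The function names and the idea that the untrusted field is a feed-supplied title are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not iPhoto's code.
 *
 * The unsafe pattern passes untrusted text as the format argument:
 *     snprintf(out, outlen, title);      // title comes from the feed
 * so any conversion specifiers inside it are interpreted by printf. */

/* Count conversion specifiers in untrusted text; "%%" is a literal
 * percent sign and is not counted. A trailing lone '%' is counted. */
int count_format_specifiers(const char *s) {
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {   /* escaped percent, skip both */
            i++;
            continue;
        }
        n++;
    }
    return n;
}

/* Safe pattern: constant format string, untrusted title passed as data.
 * Returns 0 on success, -1 if the output was truncated or failed. */
int render_title_safe(char *out, size_t outlen, const char *title) {
    int w = snprintf(out, outlen, "Subscribed to: %s", title);
    return (w >= 0 && (size_t)w < outlen) ? 0 : -1;
}

int main(void) {
    /* Constructed sample titles, not taken from any real feed. */
    const char *titles[] = { "Holiday photos", "100%% done", "%x%x%n" };
    char buf[64];
    for (size_t i = 0; i < sizeof titles / sizeof titles[0]; i++) {
        int hits = count_format_specifiers(titles[i]);
        if (render_title_safe(buf, sizeof buf, titles[i]) == 0)
            printf("%-22s specifiers=%d\n", buf, hits);
    }
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn on the unsafe call shown in the comment.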
