Apple patches critical holes in iLife
Apple has released iLife Support 8.3.1, a security update for iLife that closes three critical security holes. All three holes make it possible for attackers to inject their own code onto a computer and execute it using specially crafted TIFF and JPEG images. For the attack to work, the victim has to open the images. The vulnerabilities are caused by a number of memory errors that occur when ImageIO processes images.
Only MacOS X 10.4.9 to 10.4.11, Mac OS X Tiger, are affected. The 12 MB downloadable update is only available for version 10.4.11; 10.4.9 users should update to 10.4.11 then install the update. Apple fixed the same problems in Mac OS X 10.5, Leopard, in an updated delivered in September
- About the security content of iLife Support 8.3.1, Apple report