In association with heise online

11 November 2008, 10:04

Apple patches critical holes in iLife

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has released iLife Support 8.3.1, a security update for iLife that closes three critical security holes. All three holes make it possible for attackers to inject their own code onto a computer and execute it using specially crafted TIFF and JPEG images. For the attack to work, the victim has to open the images. The vulnerabilities are caused by a number of memory errors that occur when ImageIO processes images.

Only MacOS X 10.4.9 to 10.4.11, Mac OS X Tiger, are affected. The 12 MB downloadable update is only available for version 10.4.11; 10.4.9 users should update to 10.4.11 then install the update. Apple fixed the same problems in Mac OS X 10.5, Leopard, in an updated delivered in September

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-738063
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit