11 Nov 2008 11:22
Apple released an update on Monday for iLife 8.0 and Aperture 2 running on Mac OS X v10.4.9 to v10.4.11.
The update does not affect systems running Mac OS X v10.5.5.
The update affects system software components shared by all iLife '08 applications. In most cases, the specific vulnerabilities could lead to application termination or arbitrary code execution. iLife Support 8.3.1 may be obtained from the Software Update pane in System Preferences or from Apple's Downloads website.
ImageIO-1
This patch affects users of iLife 8 or Aperture 2 running on Mac OS X v10.4.9 to v10.4.11.
This update addresses the security issue detailed within CVE-2008-2327, in which viewing a maliciously crafted TIFF image may lead to unexpected application termination or arbitrary code execution.
The issue has already been addressed in systems running Mac OS X v10.5.5.
Apple credited itself for finding the vulnerability.
ImageIO-2
This patch affects users of iLife 8 or Aperture 2 running on Mac OS X v10.4.9 to v10.4.11.
This update addresses the security issue detailed within CVE-2008-2332, in which viewing a maliciously crafted TIFF image may lead to unexpected application termination or arbitrary code execution. Unlike the previous advisory, this one involves a memory-corruption issue in the handling of TIFF images.
The issue has already been addressed in systems running Mac OS X v10.5.5.
Apple credited Robert Swiecki of Google Security Team for finding the vulnerability.
ImageIO-3
This patch affects users of iLife 8 or Aperture 2 running on Mac OS X v10.4.9 to v10.4.11.
The update addresses the vulnerabilities detailed within CVE-2008-3608, in which viewing a large, maliciously crafted JPEG image may lead to unexpected application termination or arbitrary code execution. Specifically, a memory-corruption issue exists in ImageIO's handling of embedded ICC profiles in JPEG images.
The issue has already been addressed in systems running Mac OS X v10.5.5.
Apple credited itself for finding the vulnerability.
Story URL: http://news.zdnet.co.uk/security/0,1000000189,39548095,00.htm