Apple + Security & Privacy

You probably wouldn’t think that iPhoto could have security holes, but today’s update from Apple shows this is indeed the case. iPhoto, which you may think is just a tool for managing your digital pictures, uses the Internet when you create or subscribe to photocasts. It turns out that “A format string vulnerability exists in iPhoto. By enticing a user to subscribe to a maliciously-crafted photocast, a remote attacker may cause arbitrary code execution.”

For that reason, you should run Software Update and patch your version of iPhoto (this only applies to iPhoto 7), even if you don’t use photocasts now; you may do so in the future, and you may be “enticed” to subscribe to a “maliciously-crafted photocast”. Don’t say we didn’t warn you!