iLife Security Vulnerabilities Patched By Apple In iLife Support 8.3.1
Apple has shipped a major iLife security update to fix three documented vulnerabilities that could expose Mac OS X users to arbitrary code execution attacks. The flaws patched with the new iLife Support 8.3.1 could be exploited via specially crafted TIFF or JPEG images, Apple warned in an advisory.
The patch includes:
CVE-2008-2327: (iLife 8.0 or Aperture 2, on Mac OS v10.4.9 through v10.4.11) Multiple uninitialized memory access issues exist in libTIFF’s handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This flaw was discovered internally by Apple’s security team.
CVE-2008-2332: (iLife 8.0 or Aperture 2, on Mac OS v10.4.9 through v10.4.11) A memory corruption issue exits in the handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. Robert Swiecki of Google Security Team is credited with finding and reporting this vulnerability.
CVE-2008-3608: (iLife 8.0 or Aperture 2, on Mac OS v10.4.9 through v10.4.11) A memory corruption issue exists in ImageIO’s handling of embedded ICC profiles in JPEG images. Viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution. This bug was discovered internally by Apple’s security team.
More details are available at http://support.apple.com/kb/HT3276
More on CyberInsecure:
Posts
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.