updated 06:10 pm EST, Mon November 10, 2008
iLife Support security
Apple has released the latest update to iLife Support, version 8.3.1, which addresses several security vulnerabilities that existed in the imageIO framework. Memory initialization has been corrected, and image validation improved, preventing application failure or arbitrary code execution when viewing TIFF images that contain malicious code. Processing of TIFF images has also been changed to avoid a memory corruption problem that could cause similar problems.
Another security flaw allowed large JPEG files to execute malicious code or close the program, but was fixed by improving the processing of ICC color profiles. All of the issues have already been corrected in systems that run Mac OS X 10.5.5. The iLife Support 8.3.1 update is now available via the Software Update or th Web as a free download.