Apple issues security updates to QuickTime, iPhoto
Apple quietly pushed out a new 7.4.1 QuickTime update to stop attacks through maliciously crafted Web sites.
Apple released the patch because malicious users had the ability to entice "a user to visit a maliciously crafted Web page, [where] an attacker may cause an unexpected application termination or arbitrary code execution."
Also on the same day as the QuickTime fix, Apple also released a patch for its iPhoto '08 7.1 software. Attackers were reportedly able to cause an arbitrary code execution every time users tried to subscribe to an infected user's photocast stream.
The iPhoto update is for Mac OS X v10.3.9, Mac OS X v10.4.9, Mac OS X v10.5 or later, and Microsoft Windows XP SP 2 and Vista users.