Format string vulnerability in Apple iPhoto prior to 7.1.2 allows remote malicious users to execute arbitrary code via photocast subscriptions.
apple iphoto