Researchers disclose bugs found in Apple's iCal

By on
Earlier this year a company called Core Security reported it had found critical vulnerabilities in Apple’s iCal calendar program that can be remotely exploited to crash the application or execute arbitrary code. Now, after several months of Apple wavering over whether the flaws were serious enough to warrant patches, the security vendor has decided to detail the three bugs hoping that it would prompt Apple to take action more rapidly.

According to an advisory from Core Security, the most serious of the bugs is the result of a memory corruption vulnerability that can be triggered if a user runs a malicious .ics file, while the other two are null-pointer errors caused when parsing malformed .ics files. The vulnerabilities affect iCal version 3.0.1 running on Mac OS X 10.5.1. As of this writing, no official patch has been released from Apple so until then users are strongly advised to only open .ics files from a known, verified source.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.