Apple iCal hit with three remote vulnerabilities

Security vendor announces three ways criminal hackers could crash the calendar function in Mac OS 10.5.

On Wednesday, Core Security announced three vulnerabilities within iCal, the personal calendar application that ships with the Mac operating system. The vulnerabilities affect iCal version 3.0.1 on MacOS X 10.5.1.

ZDNet's Ryan Naraine quotes an as-yet unpublished Core Security announcement as saying: "The vulnerabilities are caused due to iCal not properly sanitizing certain fields on iCal calendar files (.ics). This can be possibly exploited to crash iCal (first two bugs) or possibly execute arbitrary code (third bug) via malicious calendar updates or by importing a specially crafted calendar file."

Apple was rumored to be releasing a large security patch later on Wednesday, but, in an update to his blog, Naraine says that will not happen. In the meantime, Leopard users should be suspicious of links and e-mails with requests to add/open calendar (.ics) files.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The problem with hoarding photos on your phone

Do you have hundreds (or thousands) of photos on your phone? This one's for you.

by Sharon Profis