Galaxy Z Flip 4 Preorder Quest 2: Still the Best Student Internet Discounts Best 55-Inch TV Galaxy Z Fold 4 Preorder Nintendo Switch OLED Review Foldable iPhone? 41% Off 43-Inch Amazon Fire TV
Want CNET to notify you of price drops and the latest stories?
No, thank you
Accept

Apple iCal hit with three remote vulnerabilities

Security vendor announces three ways criminal hackers could crash the calendar function in Mac OS 10.5.

On Wednesday, Core Security announced three vulnerabilities within iCal, the personal calendar application that ships with the Mac operating system. The vulnerabilities affect iCal version 3.0.1 on MacOS X 10.5.1.

ZDNet's Ryan Naraine quotes an as-yet unpublished Core Security announcement as saying: "The vulnerabilities are caused due to iCal not properly sanitizing certain fields on iCal calendar files (.ics). This can be possibly exploited to crash iCal (first two bugs) or possibly execute arbitrary code (third bug) via malicious calendar updates or by importing a specially crafted calendar file."

Apple was rumored to be releasing a large security patch later on Wednesday, but, in an update to his blog, Naraine says that will not happen. In the meantime, Leopard users should be suspicious of links and e-mails with requests to add/open calendar (.ics) files.