Thursday, May 22, 2008
Vulnerabilities in Apple's iCal application
According to Researchers at Core Security Technologies, they have uncovered three vulnerabilities in Apple's iCal application that hackers can exploit to take over vulnerable machines or launch denial-of-service attacks. iCal is a personal calendar application provided by Apple on Mac OS X and serves as a client-side component to a calendar server, allowing users to create and share multiple calendars. It can also be used as a stand-alone application.
The most serious of the bugs is the result of a memory corruption vulnerability that can be triggered if a user runs a malicious .ics (iCal calendar file). The other two are null-pointer errors caused when parsing malformed .ics files, Core researchers wrote in the advisory. Version 3.0.1 of iCal, running on the Mac OS X 10.5.1 platform, is vulnerable, Core researchers wrote.