iCal posts - Defense in Depth

May 21, 2008 11:43 AM PDT

On Wednesday, Core Security announced three vulnerabilities within iCal, the personal calendar application that ships with the Mac operating system. The vulnerabilities affect iCal version 3.0.1 on MacOS X 10.5.1.

ZDNet's Ryan Naraine quotes an as-yet unpublished Core Security announcement as saying: "The vulnerabilities are caused due to iCal not properly sanitizing certain fields on iCal calendar files (.ics). This can be possibly exploited to crash iCal (first two bugs) or possibly execute arbitrary code (third bug) via malicious calendar updates or by importing a specially crafted calendar file."

Apple was rumored to be releasing a large security patch later on Wednesday, but, in an update to his blog, Naraine says that will not happen. In the meantime, Leopard users should be suspicious of links and e-mails with requests to add/open calendar (.ics) files.

Topics:: Security

Tags:: security,; Apple,; iCal,; Leopard,; Mac OS 10.5,; Ryan Naraine

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

Most Discussed

Inside CNET News

Scroll Left Scroll Right

Software, Interrupted
Flexing the boundaries of flash memory
Flash memory is already a part of our daily computing lives. A breakthrough in flexible material may open many new market opportunities.
Gallery
Top-rated reviews of the week (photos)
The Open Road
Open source became big business in 2009
Open source has always been an important sideshow for software vendors, but in 2009 it became the main event thanks to Google.
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Behind the scenes of CBS's NFL coverage
Technically Incorrect
Google makes its home page a Chrome page
Without apparent notice or fanfare, Google adorns its home page with a very visible ad for Chrome.
Video
Deep-sea volcanic explosion--part 2 (video)
The Social
Facebook COO nominated to Disney board
Sheryl Sandberg, who has been chief operating officer of the social network for nearly two years now, will join the board if shareholders approve in March.
The Space Shot
Soyuz craft docks, boosts space station crew
A Russian Soyuz spacecraft docked with the International Space Station Tuesday after a smooth, automated approach, boosting the lab's crew back up to five.
Gallery
Lookout keeps an eye on mobile-device security (photos)
Crave
Will the Apple tablet be a full-fledged computer?
Either the Apple tablet (or iSlate, or whatever it ends up being called) will be a 10-or-so-inch tablet PC with a full Mac OSX operating system; or it will merely be a larger-screen version of the current iPod Touch, which has a closed, limited phone-like
Green Tech
Ford sees bump in hybrid sales
Carmaker says its hybrid sales are up 67 percent this year, despite an 11 percent slump industrywide.

Defense in Depth

Apple iCal hit with three remote vulnerabilities

Most Popular

15 sites that went kaput in 2009

Top 10 news stories of the decade

About Defense in Depth

Defense in Depth topics

Antivirus

Audio and video

Bots and botnets

Browsers and extensions

Chat and e-mail

Criminal Hackers

Mobile

Networking

Phishing

Rootkits

Security

Spyware

Storage

Uncategorized

Most Discussed

Inside CNET News