Newsletter:

Skip Navigation LinksHome > News > Security > Apple fails to patch serious iCal flaws

Site Map |

Apple fails to patch serious iCal flaws

By Iain Thomson
24 May 2008 09:31AM
Tags: apple | fails | patch | serious | ical | flaws

Security researchers have published details of three flaws in Apple's iCal application after waiting over four months for the company to issue a fix..

Researchers at Core Security discovered the bugs in the calendar application in January and promptly informed Apple of the flaws.

"Three vulnerabilities in iCal may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) assistance from the end user," said Core Security in a posting to the Bugtraq mailing list.

"They could also repeatedly execute a denial of service attack to crash the iCal application.

"The most serious of the three vulnerabilities is due to potential memory corruption resulting from a resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker."

Apple originally promised to publish fixes by March, then by April. But, after repeated delays and denials that there was a problem, Core Security went public with the information so that users could protect their information.

The company informed Apple of the decision ahead of time but fixes have yet to be released.

Copyright © 2008 vnunet.com

   


Ads by Google


Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 


 
Tripwire - Click here to win an iTouch



Tags

apple critical fails fixes flaws iphone itunes leopard mac microsoft mozilla patch patches quicktime security serious store update updates windows


Product Reviews

AdventNet ManageEngine
Star Rating
The AdventNet Manage-Engine Password Manager Pro provides a complete system for password management in one...
Cyber-Ark Software Enterprise Password Vault
Star Rating
The Cyber-Ark Enterprise Password Vault, or EPV, is a high-end password management powerhouse.
Hitachi ID Systems ID-Archive
Star Rating
The Hitachi ID-Archive sets its focus on password randomisation.
Lieberman Software Enterprise Random PM
Star Rating
The Lieberman Software Enterprise Random Pass­word Manager is a full-on password manager and randomiser for...
Proginet Corporation SecurForce
Star Rating
Proginet SecurForce is a little bit of a horse of a different color for this month's Group Test.
Unified Communications Podcast Centre

TopTopics
(6668) -  internet
(6422) -  iinet
(6396) -  copyright
(6396) -  afact
(5993) -  servers
(5993) -  mipi
(4835) -  telstra
(4514) -  broadband
(4461) -  nbn
(2986) -  internode
(2520) -  microsoft
(1888) -  network
(1463) -  software
(1462) -  data
(1369) -  google