Apple fails to patch serious iCal flaws

By

Security researchers have published details of three flaws in Apple's iCal application after waiting over four months for the company to issue a fix..


Researchers at Core Security discovered the bugs in the calendar application in January and promptly informed Apple of the flaws.

"Three vulnerabilities in iCal may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) assistance from the end user," said Core Security in a posting to the Bugtraq mailing list.

"They could also repeatedly execute a denial of service attack to crash the iCal application.

"The most serious of the three vulnerabilities is due to potential memory corruption resulting from a resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker."

Apple originally promised to publish fixes by March, then by April. But, after repeated delays and denials that there was a problem, Core Security went public with the information so that users could protect their information.

The company informed Apple of the decision ahead of time but fixes have yet to be released.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?