Three vulnerabilities in Apple's iCal standalone calendar application can be exploited to execute arbitrary code or instill a denial-of-service condition on user's machines, researchers at Core Security Technologies announced Wednesday.
The most severe of the three bugs involves a memory corruption that can be taken advantage of by getting an unsuspecting user to run a malicious .ics calendar file, resulting in the injection of malicious code, according to an advisory from Core, an audit and penetration testing firm.
The other two are null pointer errors caused when parsing malformed .ics files and can result in the iCal application crashing, the advisory said.
"The application tries to read from a place where there is nothing," Ivan Arce, chief technology officer of Core, told SCMagazineUS.com on Wednesday. "When that happens, the application crashes."
Attackers can successfully launch their attacks by tricking a user into clicking on a .ics file sent through email or distributed over the web, the advisory said.
But user interaction is not needed if a malicious individual can access the CalDAV server, which supports the iCal appliction, to modify calendar files.
Version 3.0.1 of the iCal, running on the Mac OS X 10.5.1 platform, is vulnerable, Arce said. Researchers did not show the latest Mac OS X version, 10.5.2, to be open to attack.
Arce likened the three vulnerabilities to other client-side flaws appearing in recent months, including media player holes.
"Client-side applications have not been so scrutinised [as the server], and there has not been as much effort in securing them," Arce said. "This is another example of that."
Jennifer Hakes, an Apple spokeswoman who handles Mac OS X, did not respond to a request for comment.
See original article on scmagazineus.com
Apple iCal vulnerability offers malware risk
By Dan Kaplan on May 22, 2008 9:56AM
Three vulnerabilities in Apple's iCal personal calendar application could enable remote attackers to install malicious code on victim's machines.
Got a news tip for our journalists? Share it with us anonymously here.