Core Security Technologies has warned Mac users that Apple’s iCal application running on Mac OS X 10.5.1 has three security bugs. Two of the three can crash the application, while the third could be used to run code if a malicious .ics file is opened.
Describing the bugs, Core Security wrote: “The most serious of the three vulnerabilities is due to potential memory corruption resulting from a resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker.”
“The other two vulnerabilities lead to abnormal termination (crash) of the iCal application due to null-pointer dereference bugs triggered while parsing a malformed .ics file. The ability to inject and execute arbitrary code on vulnerable systems using these two vulnerabilities was researched but not proven possible,” Core Security added.
iCal is a personal calendar application offered by Apple. It ships with the Mac OS X operating system and can be used as a stand-alone application or as a client-side component to a calendar server. It allows users to create and share multiple calendars.