HomeAppleThree Security Bugs on Apple iCal Application, alerts Core Security

Three Security Bugs on Apple iCal Application, alerts Core Security

iCal, Bug Core Security Technologies has warned Mac users that Apple’s iCal application that runs on Mac OS X 10.5.1 has three bugs that could lead to security threats. Amongst the three bugs, two can crash the application, while the third one could be used to run code, if a malicious .ics file is opened

Describing the bugs, Core Security wrote: “The most serious of the three vulnerabilities is due to potential memory corruption resulting from a resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker.”

“The other two vulnerabilities lead to abnormal termination (crash) of the iCal application due to null-pointer dereference bugs triggered while parsing a malformed .ics files. The ability to inject and execute arbitrary code on vulnerable systems using these two vulnerabilities was researched but not proven possible,” Core Security wrote ahead.

iCal is a personal calendar application offered by Apple. It comes with Mac OS X operating system and can also be used as a stand-alone application or as a client-side component to calendar server. It allows users to create and share multiple calendars.