Apple Cures iCal Ills
Apple patches bugs in its iCal calendar application a week after security researcher disclosed them.Apple released a major security update May 28 that included a patch for vulnerabilities in its iCal calendar application that were disclosed last week. The iCal bugs were discovered by Core Security Technologies and made public last week after months of back and forth with Apple. The flaws can be exploited to crash iCal or execute arbitrary code via malicious calendar updates or by importing a specially crafted calendar file (.ics).
The iCal bugs were the topic of discussion last week after Core Security researchers opted to release them, since efforts to coordinate disclosure with Apple were unsuccessful. Core Security Chief Technology Officer Ivan Arce said at the time the company felt it could no longer wait for Apple to address the issues.