Researchers at Core Security find three remotely exploitable bugs in iCal.
Researchers at Core Security Technologies have uncovered three
vulnerabilities in Apple's iCal application that hackers can exploit to take
over vulnerable machines or launch denial-of-service attacks.
According to an advisory
from Core, the most serious of the bugs is the result of a memory corruption
vulnerability that can be triggered if a user runs a malicious .ics (iCal
calendar file). The other two are null-pointer errors caused when parsing
malformed .ics files, Core researchers wrote in the advisory.
iCal is a personal calendar application provided by Apple on Mac OS X
and serves as a client-side component to a calendar server, allowing users
to create and share multiple calendars. It can also be used as a stand-alone
Click here for an analysis of what control Apple provides administrators over updates and patching.
"The reported problems are based on the Apple software improperly
sanitizing certain fields of iCal calendar files," Core Security Chief
Technology Officer Ivan Arce said in an interview with eWEEK. "The
vulnerabilities could potentially be utilized to crash iCal via exploitation of
the two null-pointer bugs-or to execute arbitrary code via the memory
corruption issue by sending users of the Apple program specially crafted
electronic calendar updates, or by convincing users to import specially crafted
calendar files from a Web site."
In addition, the flaws could be exploited without direct user involvement if
the attacker has the ability to legitimately add or modify calendar files on a
CalDAV server, according to the advisory. So far, the security firm has not
observed the bugs being exploited in the wild.
Version 3.0.1 of iCal, running on the Mac OS X 10.5.1
platform, is vulnerable, Core researchers wrote.