
May 21st, 2008

iCal vulnerabilities put Mac OS X users at risk

Posted by Ryan Naraine @ 9:53 am

Categories: Apple, Arbitrary Code Execution, Data theft, Exploit code, Open source, Vulnerability research

Tags: Apple Macintosh, Vulnerability, Patch Management, Apple Inc., Apple Mac OS X, Calendar File, Apple Mac OS, Operating Systems, Desktops, Security

Heads up to Mac OS X users: It appears Apple will be shipping high-priority security patches sometime today. (See important update at the end)

According to a security alert from vulnerability research and pen testing firm Core Security, Apple is about to release patches for three remotely exploitable security vulnerabilities in iCal, the personal calendar application that ships on Mac OS X.

The Core advisory was coordinated with Apple’s security team so it’s a safe bet we will see a big software update later today with patches for multiple vulnerabilities.

From Core’s alert (not yet available online):

The vulnerabilities are caused due to iCal not properly sanitizing certain fields on iCal calendar files (.ics). This can be possibly exploited to crash iCal (first two bugs) or possibly execute arbitrary code (third bug) via malicious calendar updates or by importing a specially crafted calendar file.

Vulnerable packages include iCal version 3.0.1 on MacOS X 10.5.1 (Leopard).

Core said the flaws could enable client-side attacks on Mac users, using rigged Web sites or malicious attachments.

In all three cases detailed in the advisory, an improper sanitization affects the parsing of the calendar file format for sharing calendar events. This means that a malicious iCalendar file may be sent via e-mail or posted in a Web service to trigger the vulnerabilities when the victim application opens or updates the file on his/her computer.

This can be possibly exploited to crash iCal (first two bugs) or possibly execute arbitrary code (third bug) via malicious calendar updates or by importing a specially crafted calendar file.

Apple’s iCal users are strongly urged to look out for — and install — the patches using the Software Update mechanism built into Mac OS X.

UPDATE: I’m told that Apple’s patch has slipped and will not be released today. In the circumstances, beware of strange links and e-mails with requests to add/open calendar (.ics) files.
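Until a patch is installed, a mail filter can hold messages that carry calendar data or calendar links for review. The sketch below is an added example, not code from this article or from Core's advisory; the function name, finding labels and sample message are hypothetical and constructed for illustration.

```python
import re
from email import message_from_string, policy

# Constructed sample message (not from the advisory): a webcal:// link in
# the body and calendar data attached under a generic content type.
SAMPLE = """\
From: sender@example.test
Subject: Team offsite
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please subscribe: webcal://calendar.example.test/offsite.ics

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invite.ICS"

BEGIN:VCALENDAR
END:VCALENDAR
--b1--
"""

LINK_RE = re.compile(r"\b(?:webcal|https?)://[^\s<>\"']+", re.I)

def calendar_findings(raw):
    """Return (kind, detail) reasons to hold a message for review."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        if ctype == "text/calendar":
            findings.append(("calendar-part", ctype))
        elif name.endswith(".ics"):
            findings.append(("ics-filename", name))
        elif payload.lstrip().upper().startswith(b"BEGIN:VCALENDAR"):
            # Calendar data sent under a misleading type or file name.
            findings.append(("calendar-content", ctype))
        if ctype in ("text/plain", "text/html"):
            for url in LINK_RE.findall(part.get_content()):
                if url.lower().startswith("webcal:") or url.lower().split("?")[0].endswith(".ics"):
                    findings.append(("calendar-link", url))
    return findings
```

The check looks at content as well as file names, so calendar data sent as a generic attachment or under a renamed file is still flagged.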

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


