Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

iCal bugs can lead to DoS and code execution attacks

By Ed Oswald, BetaNews

May 22, 2008, 11:27 AM

Researchers with Core Security have found three vulnerabilities in Mac OS X's calendaring app that could create havoc for users.

The most serious vulnerability deals with a memory corruption issue that is triggered by a specially-crafted .ics file being executed. At the heart of it is a resource liberation bug which is triggered through the file, thus allowing code execution.

A user could lose control of his or her Mac through this bug, the firm warned. While it appears the bug needs to be exploited with some intervention from the end-user, Core said it may be exploitable without as well.

Both of the remaining flaws deal with denial of service issues, where repeated crashes prevent use of the iCal application. As with the previous bug, a specially-crafted .ics file is launched, which then takes advantage of a null-pointer dereference bug in the software.

Core could not find any evidence that this issue could also result in code execution.

"Exploitation of these vulnerabilities in a client-side attack scenario is possible with user assistance by opening or clicking on specially crafted .ics file send over email or hosted on a malicious web server; or without direct user assistance if a would-be attacker has the ability to legitimately add or modify calendar files on a CalDAV server," the firm said in an advisory.

The flaw was found on iCal 3.0.1 running on Mac OS X 10.5.1. Upgraded versions of the software are not affected.

Add a Comment (4 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By Cali4niaWK

posted May 22, 2008 - 10:40 PM

Boy, everyones right, Start talking about Mac OS security holes and no one has much to say. How about that. I wonder why!? :-)

Score: 0

By dhjdhj

posted May 23, 2008 - 1:04 PM

Perhaps because

--->Upgraded versions of the software are not affected.

Score: 0

By improvelence

posted May 22, 2008 - 1:08 PM

Haha

Score: 0

By bousozoku

posted May 22, 2008 - 12:37 PM

Elsewhere, they were saying that the company was waiting for Apple to fix these serious problems and yet, they've been resolved with 10.5.2 and/or the security update?

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue