Wednesday, May 21,2008 @ 4:05pm
iCal vulnerable to malicious .ics files
A new vulnerability in iCal has been discovered that allows un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeateadly execute a denial of service attack to crash the iCal application. Core Security writes that "the most serious of the three vulnerabilities is due to potential memory corruption resulting from an resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker".
Interestingly enough, the other two vulnerabilities, which are also mildly serious, can lead to the iCal program crashing; caused by null-pointer dereference bugs triggered while parsing a malformed .ics files. The exploitation can be made when the user opens a specific .ics file crafted by the hacker to take advantage of any one of the three vulnerabilities.
The malicious file could either be hosted on a web server or e-mailed to the useras a standalone file. Until an official patch is available for download from Apple, iCal users are advised to only open .ics files from a known, verified source.