Flaws Discovered in Apple’s iCal Application
A new set of flaws in Apple's iCal application has been detected that could be exploited by unauthenticated attackers to run an arbitrary program on the affected system with or without user interaction. The vulnerabilities also allow carrying out sustained denial-of-service conditions to cause the iCal application to crash.
According to an advisory by Core Security, one vulnerability among the three vulnerabilities is the most serious because it is caused due to possible memory corruption from the resource free bug that is leveraged with a distorted .ics calendar file that a potential attacker specially crafts.
The remaining two flaws are errors of the null pointer type caused when the distorted .ics files are parsed leading to the collapse of the iCal application, the writt...
» SPAMfighter News - 29-05-2008