[Blorge] Mac Security Alert: Three vulnerabilities uncovered
#1 (permalink)
musicphile
Recently, three vulnerabilities have been uncovered with Apple iCal 3.0.1. This could possibly affect those who use Mac 10.5.1 (Leopard). According to the report, the most serious of the three is due to a resource liberation bug.

The most serious of the three vulnerabilities is due to potential memory corruption resulting from a resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker.

“Exploitation of these vulnerabilities in a client-side attack scenario is possible with user assistance by opening or clicking on specially crafted .ics file sent over email or hosted on a malicious web server; or without direct user assistance if a would-be attacker has the ability to legitimately add or modify calendar files on a CalDAV server.”

The Bugtraq names are 28629, 28632, and 28633.

Bugtraq 28629 is labeled “Apple iCal ‘COUNT’ Parameter Integer Overflow Vulnerability” and is classified as a “Boundary Condition Error.” In order for this to work, the attacker must entice the unsuspecting user to import a malicious UCS file. According to the report, a vulnerable .ics file will contain the following line:

RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2147483646

Bugtraq 28632 is labeled as “Apple iCal ‘TRIGGER’ Parameter Denial of Service Vulnerability” and is classified as a “Design Error.” In order to be successful, the attacker must entice an unsuspecting user to import a malicious ICS file.

Bugtraq 28633 is labeled “Apple iCal ‘ATTACH’ Parameter Denial Of Service Vulnerability” and is classified as an “Input Validation error”. Checking out the exploit report, nothing is said about the issue, although it does link you to a “proof of concept file.” According to the report, direct user involvement isn’t necessary if the attacker is able to add or modify calendar files on a CalDAV server.

If you haven’t already done so, you can receive updates for your Mac automatically.

How to get updates immediately (Mac OS X 10.3, 10.4, 10.5 or later)

1. Go to the Apple menu
2. Click on Software Update. Clicking on Software Update will check for available updates.
3. Mac OSX 10.3.x only: Click on the Check Now button.
4. From the Software Update window, choose the items you want to install
5. Install the software. You usually want to install all the software updates.
6. When prompted, enter the administration account name and password.
7. Once the installation is complete, restart your Mac computer if it is required.

When I first set up automatic software update, I found out that I had to run the software update a few times, since some of the updates that I had installed were prerequisites for others.

If you are on Mac OS X 10.2 or lower, steps 1-3 are slightly different. Complete the first three steps and pick up the above steps 4-7.

1. Go to the Apple menu
2. Choose System Preferences
3. From the View Menu, select Software Update

Rodrigo Carvalho, who works for the Core Security Consulting Services Team at Core Security Technologies, discovered and researched these vulnerabilities. Additional research was done by Ricardo Narvaja from CORE IMPACT (also part of Core Security Technologies) the Exploit Writers Team. Reading the report, it states that vulnerabilities in a client-side attack are possible.

Core Security Technologies is a USA company based in Boston. It provides audit, penetration testing, and software based products and services. Core Security Technologies has not observed these exploits in the wild. The vulnerabilities were observed during BugWeek 2007. The report was published on May 21, 2008.

Source: Blorge
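Added example (not part of the original post or of the Core Security report): a small Python check that unfolds an .ics file per RFC 5545 and flags RRULE lines whose COUNT is implausibly large, such as the value quoted in the post above. The 10,000 limit, the function names and the sample calendar are assumptions made for illustration.

```python
import re

MAX_SANE_COUNT = 10_000   # assumed local policy limit, not taken from the advisory

def unfold(text):
    """Undo RFC 5545 folding: a line break followed by space/tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()

def rrule_parts(line):
    """Return an RRULE's NAME=value parts as a dict, or None for other properties."""
    head, sep, value = line.partition(":")
    if not sep or head.split(";")[0].strip().upper() != "RRULE":
        return None
    parts = {}
    for item in value.split(";"):
        key, eq, val = item.partition("=")
        if eq:
            parts[key.strip().upper()] = val.strip()
    return parts

def audit_ics(text, limit=MAX_SANE_COUNT):
    """Return (logical_line_number, reason) for each suspicious RRULE COUNT."""
    findings = []
    for n, line in enumerate(unfold(text), 1):
        parts = rrule_parts(line)
        if not parts or "COUNT" not in parts:
            continue
        raw = parts["COUNT"]
        digits = raw.lstrip("0")
        if not re.fullmatch(r"[0-9]+", raw) or not digits:
            findings.append((n, f"COUNT {raw!r} is not a positive integer"))
        elif len(digits) > len(str(limit)) or int(digits) > limit:
            findings.append((n, f"COUNT {raw} exceeds limit {limit}"))
    return findings

# Constructed sample: one ordinary rule, then the COUNT value quoted in the post,
# folded across two lines so a plain line-by-line grep for "COUNT=" would miss it.
SAMPLE = (
    "BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:standup\r\n"
    "RRULE:FREQ=DAILY;COUNT=10\r\nEND:VEVENT\r\n"
    "BEGIN:VEVENT\r\nSUMMARY:folded rule\r\n"
    "RRULE:FREQ=DAILY;INTERVAL=1;COU\r\n NT=2147483646\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

if __name__ == "__main__":
    for lineno, reason in audit_ics(SAMPLE):
        print(f"logical line {lineno}: {reason}")
```

Line numbers in the findings refer to logical (unfolded) lines, so they can differ from the physical line numbers in the file.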
#2 (permalink)
Hardcore Music Lover
I won't be needing this. I removed Apple iCal in app folder.
Unless it stores it somewhere else?
#3 (permalink)
RUNRUNRUN I HUNGER COWARD
I don't use iCal, and I see there is already an update. So what's the big deal.
#4 (permalink)
Multi-Quote King
They friggin F-ed up iCal in Leopard. Tiger's was great, but Leopard's totally sucks ass. iCal 3 is epic fail. So we got interface problems, and now security problems.
iCal (was) a great program. I can see why you removed it since you have Leopard lol
#5 (permalink)
4.1GHz and counting...
Yeah. iCal sucks now unfortunately.
#6 (permalink)
With great difficulty
Yet another article about theoretical Apple security issues. What's wrong, can't find any real attacks to post?
Last edited by rabidgnome229 : 05-27-08 at 11:29 PM
#7 (permalink)
4.1GHz and counting...
Haha. So true.
#8 (permalink)
*cough* Stock *cough*
See, it was only a matter of time and size of user base before exploits are found. I like how the Apple rep in my store says that Apples don't get hacked and that they are the most secure OS to date. The more market share Apple gains, the more holes will be found. It's sorta going the way Windows is. Now all someone needs to do is make a virus for Mac and there goes one of their biggest marketing advantages. But then again it still is hard since it's based off of Unix.