iCal may not be as safe as you think

An iCal vulnerability has recently been exposed via malformed .ics files opened with the application. This exploit can cause memory corruptions which then can lead to other threatening code executions. On top of this, there are two other, smaller vulnerabilities that can lead simply to iCal crashes which can be a pain. According to the report by Core Security Labs, “Three vulnerabilities discovered in the iCal application may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeatedly execute a denial of service attack to crash the iCal application.”

The systems that can be harmed with this include Mac OS X versions 10.5 through 10.5.2 and Mac OS X server versions 10.5 through 10.5.2. Thanks to Core Security Labs for finding this potentially harmful vulnerability and I hope Apple has a fix for it quickly as they are usually on top of their updates. For now, just make sure not to open up any suspicious .ics files you get in email or anything else to halt the risk of being exposed to this.