Technical Description

Multiple vulnerabilities have been identified in Apple iCal, which could be exploited by attackers to cause a denial of service or potentially compromise a vulnerable system. These issues are caused by NULL pointer derefence and memory corruption errors when processing ICS files containing a malformed "COUNT", "TRIGGER" or "ATTACH" field, which could be exploited by attackers to crash an affected application or potentially execute arbitrary code by tricking a user into opening a specially crafted file.

Affected Products

Apple iCal version 3.0.1 and prior

Solution

Apple Security Update 2008-003 (Intel) :
http://www.apple.com/support/downloads/securityupdate2008003intel.html

Apple Security Update 2008-003 Server (Universal) :
http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html

Apple Security Update 2008-003 Server (PPC) :
http://www.apple.com/support/downloads/securityupdate2008003serverppc.html

Apple Security Update 2008-003 (PPC) :
http://www.apple.com/support/downloads/securityupdate2008003ppc.html

References

http://www.vupen.com/english/advisories/2008/1601
http://www.coresecurity.com/?action=item&id=2219

Credits

Vulnerabilities reported by Rodrigo Carvalho (Core Security Technologies).

ChangeLog

2008-05-21 : Initial release
2008-05-29 : Updated Solution

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.