All the latest UK technology news, reviews and analysis
|
|
|
23 May 2008
Security researchers have published details of three flaws in Apple's iCal application after waiting over four months for the company to issue a fix.
Researchers at Core Security discovered the bugs in the calendar application in January and promptly informed Apple of the flaws.
"Three vulnerabilities in iCal may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) assistance from the end user," said Core Security in a posting to the Bugtraq mailing list.
"They could also repeatedly execute a denial of service attack to crash the iCal application.
"The most serious of the three vulnerabilities is due to potential memory corruption resulting from a resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker."
Apple originally promised to publish fixes by March, then by April. But, after repeated delays and denials that there was a problem, Core Security went public with the information so that users could protect their information.
The company informed Apple of the decision ahead of time but fixes have yet to be released.
Latest stories from Software
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Leading Financial Trading Systems Brokerage / Capital...
Technical Consultant - Windows, Virtualisation, HP, Server...
The role requires an experienced Project Manager, particularly...
iPhone and iPad developer required! We are seeking...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Secure?
No point in fundamentally having a more secure OS if your developers cannot be ar$ed to fix gaping holes. I guess they are too busy making petty GUIs for fashion and style victims!? Complacency? Absolutely, like Microsoft used to be. Time to switch to Linux? Maybe, but not Debian-based, another bunch of useless kids running the show there and messing with SSL.
Posted by: cavehomme 25 May 2008
Be patient, Lain
Lain, you sound like the sky is going to fall if Apple doesn't hop right on it. You must know that OS X 10.5.3 will be out within the next few weeks. Why so much attitude? Additionally, your article is so strongly worded that the phrase, "may allow un-authenticated attackers to execute arbitrary code" seems out of place and way too weak compared to the rest of your article. Obviously Chicken Little is alive and well.
Posted by: Gary 25 May 2008
Lose patience?
Just out of curiosity are these researchers paid by how many and how quickly they find and report bugs? What can a few months matter to the researchers if their goal is to protect users? What patience do they need? Seriously I'm rapidly getting a VERY low opinion of these people from the Windows side of the world and I can imagine the Mac users are just as tired of hearing the sky is falling.
Posted by: Mathue 24 May 2008