{"id":154,"date":"2008-05-22T09:07:41","date_gmt":"2008-05-22T08:07:41","guid":{"rendered":"http:\/\/blog.intego.com\/?p=154"},"modified":"2008-05-22T09:07:41","modified_gmt":"2008-05-22T08:07:41","slug":"ical-vulnerabilities-to-be-patched-soon","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/","title":{"rendered":"iCal Vulnerabilities to be Patched Soon"},"content":{"rendered":"<p><img src=\"https:\/\/www.intego.com\/mac-security-blog\/images\/ical.jpg\" alt=\"\" \/><\/p>\n<p>The ZDNet Zero Day security blog <a href=\"http:\/\/blogs.zdnet.com\/security\/?p=1160\">published an article about three iCal vulnerabilities<\/a>, saying that Apple should be patching these security holes very soon. These holes &#8220;could enable client-side attacks on Mac users, using rigged Web sites or malicious attachments.&#8221; As described on the <a href=\"http:\/\/www.coresecurity.com\/index.php5?module=ContentMod&#038;action=item&#038;id=2219\">Core Security web site<\/a>, the vulnerabilities are the following:<\/p>\n<blockquote><p>\nThe most serious of the three vulnerabilities is due to potential memory corruption resulting from an resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker.<\/p>\n<p>The other two vulnerabilities lead to abnormal termination (crash) of the iCal application due to null-pointer dereference bugs triggered while parsing a malformed .ics files. The hability to inject and execute arbitrary code on vulnerable systems using these two vulnerabilities was researched but not proven possible.<\/p>\n<p>Exploitation of these vulnerabilities in a client-side attack scenario is possible with user assistance by opening or clicking on specially crafted .ics file send over email or hosted on a malicious web server; or without direct user assitance if a would-be attacker has the ability to legitimately add or modify calendar files on a CalDAV server.\n<\/p><\/blockquote>\n<p>The ZDNet article says that Apple will be patching these vulnerabilities soon, but this is atypical of Apple, who generally waits to release several security fixes together in an upgrade. In the meantime, &#8220;beware of strange links and e-mails with requests to add\/open calendar (.ics) files.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The ZDNet Zero Day security blog published an article about three iCal vulnerabilities, saying that Apple should be patching these security holes very soon. These holes &#8220;could enable client-side attacks on Mac users, using rigged Web sites or malicious attachments.&#8221; As described on the Core Security web site, the vulnerabilities are the following: The most [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[7,13],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"The ZDNet Zero Day security blog published an article about three iCal vulnerabilities, saying that Apple should be patching these security holes very\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"iCal Vulnerabilities to be Patched Soon - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"The ZDNet Zero Day security blog published an article about three iCal vulnerabilities, saying that Apple should be patching these security holes very\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2008-05-22T08:07:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/images\/ical.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/images\/ical.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/images\/ical.jpg\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/\",\"name\":\"iCal Vulnerabilities to be Patched Soon - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#primaryimage\"},\"datePublished\":\"2008-05-22T08:07:41+00:00\",\"dateModified\":\"2008-05-22T08:07:41+00:00\",\"description\":\"The ZDNet Zero Day security blog published an article about three iCal vulnerabilities, saying that Apple should be patching these security holes very\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"iCal Vulnerabilities to be Patched Soon\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"iCal Vulnerabilities to be Patched Soon\",\"datePublished\":\"2008-05-22T08:07:41+00:00\",\"dateModified\":\"2008-05-22T08:07:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#webpage\"},\"wordCount\":243,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/images\/ical.jpg\",\"articleSection\":[\"Apple\",\"Security &amp; Privacy\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"The ZDNet Zero Day security blog published an article about three iCal vulnerabilities, saying that Apple should be patching these security holes very","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/","og_locale":"en_US","og_type":"article","og_title":"iCal Vulnerabilities to be Patched Soon - The Mac Security Blog","og_description":"The ZDNet Zero Day security blog published an article about three iCal vulnerabilities, saying that Apple should be patching these security holes very","og_url":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/","og_site_name":"The Mac Security Blog","article_published_time":"2008-05-22T08:07:41+00:00","og_image":[{"url":"https:\/\/www.intego.com\/mac-security-blog\/images\/ical.jpg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/images\/ical.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/images\/ical.jpg"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/","name":"iCal Vulnerabilities to be Patched Soon - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#primaryimage"},"datePublished":"2008-05-22T08:07:41+00:00","dateModified":"2008-05-22T08:07:41+00:00","description":"The ZDNet Zero Day security blog published an article about three iCal vulnerabilities, saying that Apple should be patching these security holes very","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"iCal Vulnerabilities to be Patched Soon"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"iCal Vulnerabilities to be Patched Soon","datePublished":"2008-05-22T08:07:41+00:00","dateModified":"2008-05-22T08:07:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#webpage"},"wordCount":243,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/ical-vulnerabilities-to-be-patched-soon\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/images\/ical.jpg","articleSection":["Apple","Security &amp; Privacy"],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-2u","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/154"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=154"}],"version-history":[{"count":0,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/154\/revisions"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}