It was back in January that Core Security discovered the vulnerabilities in iCal, the calendar application that’s part of the Mac OS X. Two of them could cause the computer to crash, while the third could possibly allow a hacker to take control of the computer.
Ivan Acre, CTO of Core Security Technologies, explained to MacNewsWorld that “the third one can be used to compromise the computer with all the rights of the user running the application. For that to happen, the most likely scenario is the user opening up an e-mail or a calendar file that is malicious and has been specially crafted. If the user then edits the file, the Mac would be compromised. It requires some form of assistance."
Understandably, they informed Apple of the problem, and Apple promised a fix for the problem by May 19. When that didn’t happen, Core decided to publish the vulnerabilities, as well as a timeline of its correspondence on the topic with Apple.
"We thought, since day one, that we needed to balance the need for generating a fix with the need for warning users to be aware of the problem and their exposure and being able to do something about it," Acre said. He said that Mac OS X 10.5.1 and 10.5.2 are both affected, and iCal versions 3.0.1 and 3.0.2.
Editors' Recommendations
- 6 things we expect from WWDC 2024: iOS 18, AI, and more
- 4 CPUs you should buy instead of the Intel Core i9-13900K
- How to use iMessage on Windows
- Here’s why I finally gave up on using Safari on my Mac
- After decades of Windows loyalty, I’m switching to Mac
