Skip to Content

Submit your nominations for the Luxist Awards' Best in Decor
AOL Tech

vulnerabilities posts

Filed under: Internet, Leopard

Security company discloses iCal vulnerabilities

by Robert Palmer (RSS feed) on May 22nd, 2008

Core Security, in an advisory that showed a contentious argument with Apple, disclosed three iCal bugs that attackers could exploit using malicious servers, web sites, and .ics email attachments.

"The vulnerabilities may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeatedly execute a denial of service attack to crash the iCal application," said Core Security.

The advisory states that iCal 3.01 running on Mac OS X 10.5.1 is still vulnerable, but it's unclear if the latest version of both iCal and Mac OS X (3.02 and 10.5.2, respectively) fix the problems. Apple asked Core Security to delay publication of its findings, but Core Security set May 21 as its drop-deadline.

Core Security first reported the bugs in January. Apple fixed one of the bugs in a security release in March (2008-002), but thought that the others were not as critical as Core Security did. After Apple pushed back the release date for the remaining patches several times, a frustrated Core Security said they would release details of the bugs.

[Via Macworld]

Update (June 1, 2008): The Washington Post notes that Mac OS X 10.5.3 patches the vulnerability.

Tags: ical, security, vulnerabilities

Filed under: Analysis / Opinion, OS, Security

Symantec talks Mac security

by Cory Bohon (RSS feed) on Dec 19th, 2007

What might Apple's surging sales of Macs have to do with the security of your computer? Possibly, a lot. In a recent CIO interview (conducted by our very own Lisa Hoover), Ollie Whitehouse, an architect for Symantec's Advanced Threat Research Team said that as the Mac keeps growing in popularity, so will the exploits.

This theory has been around for as long as OS X, if not longer but lately it seems to be gaining some credibility. There was the Mac "virus" last year, though it actually managed to infect less than 50 Macs in the wild. There was the report of a "dramatic increase" in OS X malware recently. And just yesterday ZDNet posted an article on vulnerabilities found in three operating systems: Leopard, Windows Vista, and Windows XP. They said that Mac OS X had the most vulnerabilities of the three (though it is worth noting that they are "vulnerabilities," not actual exploits. Windows still reigns supreme on that front).

Could these analysts be right? Should we be worried about the continued security of our chosen platform? Should Apple start focusing on OS X's security rather than simply adding more features?

Only time will tell, but one thing is certain: it is a scary world out there.

Tags: exploits, Mac Security, MacSecurity, system security, SystemSecurity, vulnerabilities

Tip of the Day

Reply in the Mail.app with a specific quote.
Select the text you want quoted and then hit the reply button.
Only your selected text will copied to the reply email.

Learn More

Follow us on Twitter!

TUAW flickr Pool

www.flickr.com
 TUAW [Cafepress]

Featured Galleries

DNC Macs
Macworld 2008 Keynote
Macworld 2008 Build-up
Google Earth for iPhone
Podcaster
Storyist 2.0
AT&T Navigator Road Test
Bento for iPhone 1.0
Scrabble for iPhone
Tom Bihn Checkpoint Flyer Briefcase
Apple Vanity Plates
Apple booth Macworld 07
WorldVoice Radio
Quickoffice for iPhone 1.1.1
Daylite 3.9 Review
DiscPainter
Mariner Calc for iPhone
2009CupertinoBus
Crash Bandicoot Nitro Kart 3D
MLB.com At Bat 2009
Macworld Expo 2007 show floor

 

Most Commented On (7 days)

Recent Comments

More Apple Analysis

More from AOL Money and Finance

AOL Radio TUAW on Stitcher