Apple Vulnerabilities discovered

Praxeas · #1 05-22-2008, 02:42 PM

http://blogs.pcmag.com/securitywatch...s_reported.php

Version 3.0.1 of iCal, running on the Mac OS X 10.5.1 platform, vulnerable to remote compromise according to Core Security Technologies.
The three attacks are all based on improper checking of data in .ics files, according to the advisory from Core. The user needs to be convinced to import a malicious file at which point the program can crash or, potentially, arbitrary code be executed in the context of the logged-in user. It may also be possible to compromise iCal clients through a CalDav server.
iCal is a calendar program provided with Mac OS X, It can be used as a standalone program or as a client to a CalDav server.
So far there are no reports of the vulnerability being exploited in the wild.

Encryptus · #2 05-22-2008, 02:44 PM

Apple Vulnerabilities discovered?

Thats news?

Everyone knows that apples get worms.

Ferd · #3 05-22-2008, 02:56 PM

I have always thought Apple avoided attack because Microsoft was just larger.

As Apple begins to gain market share, the hits will come.

Praxeas · #4 05-22-2008, 02:57 PM

Quote:

Originally Posted by Ferd

I have always thought Apple avoided attack because Microsoft was just larger.

As Apple begins to gain market share, the hits will come.

Thats right

#5 05-30-2008, 08:53 PM

Apples problems with security started when they went to the intel chip sets that are x 86 instead of power pc chip sets , i have not upgraded computers because of the intel chip sets.

A mac running pure linux will not have problem and yes they mac linux for macs.

clgustaveson · #6 05-31-2008, 12:38 PM

Quote:

Originally Posted by Ferd

I have always thought Apple avoided attack because Microsoft was just larger.

As Apple begins to gain market share, the hits will come.

Thats not entirely true, the core concept of Apples protection is the that you are not "logged in" as an administrator.

This is the exact same concept that Windows infamous Vista uses. There is a difficult avenue one must follow in order to write to special locations ESPECIALLY if one is remote.

The same security enhancement that Vista has taken on to is the one and the same Apple has used for years (which is why the commercial is so hypocritical when Apple makes fun of user authentication in Vista).

The main Apple vulnerability is actually located in Safari, they failed to fix the vulnerability with the latest update despite the fact it is well knows.

iCal is only vulnerable to the extent the CalDav is vulnerable, as long as the server is secured through an extensive firewal and you require your users to use a VPN you should be safe(er) from attacks.