Mac Security Alert: Three vulnerabilities uncovered in Apple iCal 3.0.1; Mac 10.5.1 (Leopard)

May 22, 2008

Recently, three vulnerabilities have been uncovered in Apple iCal 3.0.1. This could affect those who use Mac OS X 10.5.1 (Leopard). According to the report, the most serious of the three is due to a resource liberation bug.

The most serious of the three vulnerabilities is due to potential memory corruption resulting from a resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker.

“Exploitation of these vulnerabilities in a client-side attack scenario is possible with user assistance by opening or clicking on a specially crafted .ics file sent over email or hosted on a malicious web server; or without direct user assistance if a would-be attacker has the ability to legitimately add or modify calendar files on a CalDAV server.”

The Bugtraq names are 28629, 28632, and 28633.

Bugtraq 28629 is labeled “Apple iCal ‘COUNT’ Parameter Integer Overflow Vulnerability” and is classified as a “Boundary Condition Error.” In order for this to work, the attacker must entice the unsuspecting user to import a malicious .ics file. According to the report, a vulnerable .ics file will contain the following line:

RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2147483646
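As an added example (not from the Core Security report or this post), a pre-import check in Python that unfolds an .ics file, parses each RRULE and flags a COUNT value that is missing a number or far outside any realistic range, such as the 2147483646 above; the sample event and the MAX_COUNT bound are constructed assumptions.

```python
import re

# Constructed sample: the RRULE line quoted in the advisory, embedded in
# a minimal iCalendar event (assumption, not a file from the report).
SAMPLE_ICS = """BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
UID:example-1@example.invalid
DTSTART:20080522T090000Z
RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2147483646
END:VEVENT
END:VCALENDAR
"""

# Sanity bound (assumption): no genuine calendar series needs more
# occurrences than this, so anything larger is treated as suspect.
MAX_COUNT = 100000

def unfold(text):
    """Join iCalendar continuation lines: a line beginning with a space
    or tab continues the previous line."""
    return re.sub(r"\r?\n[ \t]", "", text)

def parse_rrule(value):
    """Turn 'FREQ=DAILY;COUNT=5' into {'FREQ': 'DAILY', 'COUNT': '5'}."""
    parts = {}
    for item in value.split(";"):
        if "=" in item:
            key, val = item.split("=", 1)
            parts[key.strip().upper()] = val.strip()
    return parts

def find_suspicious_rrules(ics_text, max_count=MAX_COUNT):
    """Return (line_no, reason) for every RRULE whose COUNT is not a
    plain number, is zero, or exceeds max_count."""
    findings = []
    for no, line in enumerate(unfold(ics_text).splitlines(), 1):
        name, sep, value = line.partition(":")
        # property name may carry parameters, e.g. RRULE;X-FOO=1:...
        if not sep or name.split(";")[0].upper() != "RRULE":
            continue
        count = parse_rrule(value).get("COUNT")
        if count is None:
            continue
        if not count.isdigit():
            findings.append((no, "COUNT is not a number: %r" % count))
        elif int(count) == 0 or int(count) > max_count:
            findings.append((no, "COUNT out of range: %s" % count))
    return findings

if __name__ == "__main__":
    for no, reason in find_suspicious_rrules(SAMPLE_ICS):
        print("line %d: %s" % (no, reason))
```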

Bugtraq 28632 is labeled “Apple iCal ‘TRIGGER’ Parameter Denial of Service Vulnerability” and is classified as a “Design Error.” In order to be successful, the attacker must entice an unsuspecting user to import a malicious .ics file.

Bugtraq 28633 is labeled “Apple iCal ‘ATTACH’ Parameter Denial Of Service Vulnerability” and is classified as an “Input Validation Error.” The exploit report says nothing further about the issue, although it does link to a “proof of concept file.” According to the report, direct user involvement isn’t necessary if the attacker is able to add or modify calendar files on a CalDAV server.

If you haven’t already done so you can receive updates for your Mac automatically.

How to get updates immediately (Mac OS X 10.3, 10.4, 10.5 or later)

  1. Go to the Apple menu.
  2. Click on Software Update; this checks for available updates.
  3. Mac OS X 10.3.x only: Click on the Check Now button.
  4. From the Software Update window, choose the items you want to install.
  5. Install the software. You usually want to install all the software updates.
  6. When prompted, enter the administrator account name and password.
  7. Once the installation is complete, restart your Mac if it is required.

When I first set up automatic software update, I found out that I had to run the software update a few times since some of the updates that I had installed were prerequisites for others.

If you are on Mac OS X 10.2 or lower, steps 1-3 are slightly different. Complete the three steps below, then pick up steps 4-7 above.

  1. Go to the Apple menu.
  2. Choose System Preferences.
  3. From the View menu, select Software Update.

Rodrigo Carvalho, who works for the Core Security Consulting Services Team at Core Security Technologies, discovered and researched these vulnerabilities. Additional research was done by Ricardo Narvaja from the CORE IMPACT Exploit Writers Team (also part of Core Security Technologies). The report states that exploitation in a client-side attack scenario is possible.

Core Security Technologies is a US company based in Boston. It provides audit, penetration testing, and software-based products and services.

Core Security Technologies has not observed these exploits in the wild. The vulnerabilities were observed during BugWeek 2007. The report was published on May 21, 2008.

Copyright © 2009 Blorge.com