The Channel logo

News

By | John Leyden 29th May 2008 10:59

Apple mega update strikes out calendar bug

iPatch

Apple pushed out a bumper security and performance update on Wednesday that finally plugs a long-standing security hole.

Mac OS X version 10.5.3 updates open source components that Apple bundles with its software (such as Apache) as well as its own software and third party components. In total the software upgrade patches 22 modules, including a fix for a serious security bug in Apple's calendering application iCal.

Flaws in iCal that potentially created a means to inject hostile code onto vulnerable systems were discovered by Core Security back in January, and promptly notified to Apple. A protracted series of exchanges followed.

The dialogue revolved around whether the bugs were serious enough to patch and, if so, when Apple would issue patches. Eventually Core said it would publish an advisory on Wednesday (21 May) in the belief Apple was ready to release a fix on Monday (19 May). In the event, this update only came out on 28 May.

Apple now concedes that maliciously crafted iCalendar files might be used to smuggle malware onto unpatched systems. It credits Core Security with reporting the issue.

Other components of Mac OS X version 10.5.3 defend against other arbitrary code execution vulnerabilities, stomping on bugs in a Flash Player Plug-in for Mac OS X, Appkit and Mail. There's also fixes for a password disclosure vulnerability involving single sign-on and bugs in the kernel that might trigger unexpected system shutdown.

A full run-down of the security components of Apple's release can be found on its site here. ®

comment icon Read 44 comments on this article alert Send corrections

Opinion

Houses of Parliament in night-time

Andrew Orlowski

Come on everybody, let's upload all our stuff into Government by Cloud
Joe Tucci EMC
frustration_anger_irritation_annoyance pain

Felipe Costa

Pressure to perform for stock market bearing down on disties
Columns of coins in the cloud

Michael Cote

Anything that simple to use has got to be complex to set up

Features

Alistair Darling and Alex Salmond debate Scottish independence
You keep the call centres, Hamish, we'll take the banks
Internet of Things
Everyone loves those Things, just not on each others' terms
No email? No CRM? No Daily Mail iPad edition? You need a plan
Sinofsky's hybrid strategy looks dafter than ever