Apple Fixes iCal Flaw With Massive Leopard Update


By Stefanie Hoffman, ChannelWeb

4:48 PM EDT Thu. May. 29, 2008
Apple issued a monster patch load for its Leopard operating system Wednesday, addressing more than 40 crucial security vulnerabilities, including the long-anticipated iCal error, which opens the door to remote exploitation.

While Security Update 2008-003 targets Mac OS X v10.4.11 and Mac OS X Server v10.4.11, the same repairs are also incorporated in Mac OS X v10.5.3, which was also released Wednesday.

Unlike other software companies, Apple doesn't have a fixed rating system that designates vulnerabilities as "critical"; however, numerous patches in Security Update 2008-003 address errors that could allow a remote attacker to execute malicious code on an affected system.

Altogether, this patch release fixes holes in Apache, AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Flash Player Plug-in, Help Viewer, iCal, International Component for Unicode, Image Capture, ImageIO, Kernel, Mail, ruby, Single Sign-On and Wiki Server.

One vulnerability repaired by the update is a critical error in iCal, Apple's calendar and scheduling application, which could allow a remote attacker to execute arbitrary code or cause a complete system shutdown after a user opened a maliciously crafted iCalendar file.

Apple, however, addressed just one of the three recently published vulnerabilities in iCal. The other two glitches, which have yet to be repaired, could crash the entire iCal application through errors triggered while parsing a malformed .ics file.

Researchers at Boston-based Core Security first detected the security errors in January and made the advisory available to the public last week after repeated attempts over the course of four months to get Apple to publish the flaw.

Several of the other patches fix flaws that security experts consider critical, including multiple memory corruption issues in the Apple Pixlet Video codec that could let an attacker remotely execute arbitrary code, or cause unexpected termination of the affected computer, after a user opened a malicious movie file.

In addition, an error in the Flash Player Plug-in could allow an attacker to execute arbitrary code when a user opened malicious Flash content.

Another vulnerability affecting a broad number of users is an error in the Help Viewer, which could allow a remote attacker to execute arbitrary code or completely terminate the application if a user opened a malicious help:topic URL.

Also patched was a memory corruption error in Apple Type Services, or ATS, in the ATS server's handling of embedded fonts in PDF files. If exploited, the error could allow a remote attacker to take control of an entire system after a user printed a PDF document containing a specially crafted embedded font.

A heap buffer overflow vulnerability in the way Apple's CoreFoundation handles CFData objects was also addressed in the security bundle, closing a hole that could let an attacker take control of a user's computer or shut it down entirely.

Other patches repair a buffer overflow issue in Mail, which could lead to arbitrary code execution; an error in ruby, which could enable a remote attacker to read arbitrary files; a flaw in Single Sign-On, which could expose passwords to other local users; and an information disclosure issue in Wiki Server, which would allow an attacker to remotely determine user names on an enabled server.

Security Update 2008-003 and Mac OS X v 10.5.3 are available on the Apple Web site, under the Software Downloads section.
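For administrators checking whether a Mac is at the fixed level the article names, the following is an added example (not from the article or from Apple) that classifies a Mac OS X version string against the two release lines covered here. It assumes the article's figures: the Leopard line is fixed at 10.5.3 and later, while the Tiger line (10.4.11) needs Security Update 2008-003 installed on top, which the version number alone cannot show, so the script defers to Apple's `softwareupdate -l` listing in that case. `sw_vers -productVersion` and `softwareupdate -l` are real Mac OS X commands; the sample version strings at the bottom are constructed.

```sh
#!/bin/sh
# Added example: classify a Mac OS X version against the fixed levels
# described in the article (10.5.3 for Leopard; 10.4.11 + Security Update
# 2008-003 for Tiger). Not Apple's code; thresholds come from the article.

# version_ge A B: exit 0 when dotted version A >= B, compared numerically
# component by component (so 10.5.10 > 10.5.3, unlike a string compare).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -n "$ai" ] || ai=0          # missing component counts as 0
        [ -n "$bi" ] || bi=0
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# patch_status VERSION: print one of
#   fixed                  - Leopard 10.5.3 or later already contains the fixes
#   update-needed          - older than the fixed release for that line
#   check-security-update  - Tiger 10.4.11: fixed only if Security Update
#                            2008-003 is installed; the version cannot tell
#   unsupported            - not a 10.4 or 10.5 release line
patch_status() {
    v="$1"
    case "$v" in
        10.5|10.5.*)
            if version_ge "$v" 10.5.3; then echo fixed; else echo update-needed; fi ;;
        10.4|10.4.*)
            if version_ge "$v" 10.4.11; then echo check-security-update; else echo update-needed; fi ;;
        *)  echo unsupported ;;
    esac
}

# On a real Mac, run:  patch_status "$(sw_vers -productVersion)"
# and, for the Tiger case, confirm that "Security Update 2008-003" is no
# longer offered by:   softwareupdate -l
# Below are constructed sample inputs so the script runs anywhere.
for sample in 10.5.2 10.5.3 10.5.10 10.4.11 10.4.9 10.3.9; do
    printf '%s -> %s\n' "$sample" "$(patch_status "$sample")"
done
```

The numeric compare matters: a plain string comparison would rank 10.5.10 below 10.5.3 and report a fully patched later system as needing an update.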
