Friday, 23. May 2008
Apple Yet to Fix iCal Vulnerability
Researchers from Core Security Technologies have revealed that Apple has yet to fix three confirmed bugs in its iCal scheduling software. Two of the three bugs can cause the application to crash, while the third could be used to run code if a malicious .ics file is opened.
In order for an attacker to exploit these vulnerabilities, he or she would have to convince an iCal user to open an .ics file sent via e-mail or hosted on a Web server. An attacker could trigger the exploits directly if he or she had the ability to add or modify files on a CalDAV server.
iCal is an application that runs on Mac OS X and is a client-side component of Apple’s calendar service application. People can use the application to create multiple calendars and share them with others. The version of the application reported to have the bugs is iCal 3.0.1.
The advisory indicates that Apple has been notified of these issues and is working on a fix. The fix was expected by May 19, but Apple has not yet released any security fix via Software Update.