Best offers
Exclusive Interview: Nvidia's Ian Buck Talks GPGPU
With Snow Leopard and Windows 7 both offering GPGPU capabilities, we wanted to talk to Nvidia's Ian Buck. Not only is he one of the fathers of Brook, the programming language ultimately adopted by AMD/ATI, but the head of Nvidia's CUDA group as well. Read More
-
Beamforming: The Best WiFi You’ve Never Seen
Forget 802.11n Draft 2.0. The future of video-capable WiFi depends on a signal-boosting technique called beamforming. We put the pioneers in this frontier through some real-world testing to find out which technology is going to change the wireless world. Read More
-
Exclusive Interview: Going Three Levels Beyond Kernel Rootkits
Today we have the pleasure of chatting with Joanna Rutkowska, one of the top computing security innovators in the world. She is the founder and CEO of Invisible Things Lab (ITL), a boutique computer security consulting and research firm. Read More
Partners
The Games selection
violent :
More Mindless Violence
Basic shooting game, but still so powerful! Use the mouse to take aim and shoot at the little beasties before they get to you. Use Space to reload....
|
crazy :
Interactive Boogy
Pick one of the 3 songs, hit on the correct keys matching this boy's dance moves.
|
Sponsored links
Core Security Publishes Apple iCal Vulnerabilities After Apple Fails To Patch
Next news- Email |
- Print |
- Comments (2) |
- Share
Researchers from Core Security Technologies yesterday grew weary of waiting for Apple to release a patch for vulnerabilites in Apple’s iCal application, which they discovered several months ago.
The three vulnerabilities affect iCal v3.0.1 that comes as standard with Mac OS X 10.5.1. One other additional bug in iCal Server, a component of Mac OS X Server, was also found.
The report states,
“Three vulnerabilities discovered in the iCal application may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeatedly execute a denial of service attack to crash the iCal application.”
Core first got in touch with Apple on January 30th of this year to let the company know they had discovered vulnerabilities in the iCal application and iCal server and that an advisory draft was available. Apple replied the next day and requested said advisory.
Things after that get a little messy with Core repeatedly asking for a release date for patches to fix the bugs (so they could publish the information) and Apple contesting the severity of two of the three iCal vulnerabilities and constantly changing the release date of the patch. Core maintained that all three of the flaws were serious while Apple claimed only one the iCal bugs was a security vulnerability. Apple also claimed that the server bug was not in the iCal Server but the Wiki Server.
Apple patched the server problem in its March update, however no other patches for the iCal bugs were released. Core Security delayed publishing details of the iCal bugs because of Apple’s request for more time. Original the company said the iCal fixes would be included in the March 18 update. It then said late April and subsequently, early May. Apple finally settled on Monday the 19th as the release date for the fix.
Apple requested further delays on May 10th and this is when Core decided it had had enough. The company said it would discuss rescheduling but two days later set the 21st of May as the day the company would publish its findings regardless of whether or not Apple released a patch.
As you may have noticed, no patch came. Core Security’s full report including a time-line and log of correspondence with Apple are available here.
Source : Tom's Hardware
But Apple is better!
They likely have no or very little infrastructure to fix vulnerabilities as everybody knows Apples aren't vulnerable in the first place.
With Apple sitting around 20% laptop market share the clock is just now starting to tick on that theory.