back to article Researchers out Apple over unpatched iCal bugs

Researchers at Core Security have released details of three vulnerabilities in Apple iCal scheduling application, after four months of talks with the company. The security tools vendor said it is important for users to know about the flaws and make security precautions, even without a patch from Apple. The iCal bugs comprise …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Jobs Horns

    Duck and Cover MacTards

    Duck and cover MacTards. Seriously, get some face masks, plastic drop cloths and duck tape and hope for the best.

  2. Steven Raith
    Alert

    Apple + Security?

    Seems to be getting worse, not better.

    http://www.theregister.co.uk/2008/05/15/apple_safari_carpet_bombing_vuln/

    Apple? Hello? You're starting to look like you don't give a toss...

    Steven R

  3. TranceMist
    Thumb Up

    Classic

    This is a classic example of when posting to the community makes sense, and in fact is necessary when a vendor won't get off of their duff to fix the problem.

    Note that they worked with Apple for 4 months and the problem is still not fixed?

    Shame on Apple, iCal in Leopard is an embarrassment compared to Tiger.

    (disclaimer: in general, I love Leopard)

  4. Webster Phreaky
    Jobs Horns

    Bwah ha ha ha ha ha ha .... Apple = Security? NOT ...

    Bwah ha ha ha ha ha ha ..... Enjoy your latest Mac vs. Windows Fantasy TV ads MacTards. It's OS X users that need an AA Group to go to.

  5. Anonymous Coward
    Jobs Halo

    All Microsofts fault anyway

    Vista is such a terrible OS that people are running back to Apple for a basic computer. So in the end it is all Microsoft's fault again!

  6. Charlie Clark Silver badge
    Jobs Horns

    As if that were the only problem with iCal

    it's got really slow recently - quite happily takes half-minute to update a postponed alarm or add flight times (Lufthansa have finally started to send .ics files when you book a flight).

    Jobs is probably too busy working on the DRM for the next version of the iPhone to give a toss for customers who've already paid for the stuff. I really like some of the under-the-hood improvements to Leopard but attention to detail, lads. Please!

  7. Anonymous Coward
    Anonymous Coward

    I'm waiting

    For apple to get so bad people start recommending XP. I'll be laughing if it gets so bad Vista becomes an upgrade

  8. Tony Paulazzo
    Jobs Horns

    Apple installed spyware on my PC

    I hate macs, I hate ipods, I don't even have quicktime installed on my PCs, so when I do a process check on one of my systems do I find something called Bonjour running (tho nothing with that name is running in my services) - a quick Google tells me its an Apple service 'mDNS' something or other (phone home) that installs with itunes and - get this, Adobe CS3 tho' it's given a different name under CS3 (a series of numbers & letters).

    Wikipedia:

    Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

  9. Anonymous Coward
    Anonymous Coward

    That name again

    I can't help it, it makes me burst out in laughter every time I see it.

    Ivan Arce!

    Come ON!!!!! That's got to be made up. I know elreg has already stated it isn't but, seriously if I had a name like; I have an arse. I'd seriously consider changing my first name to; Nise

    /me meets nice looking bird, she asks, "what's your name"... response "Nise Arce", prompt slap... Followed by "No really, its on my driving license"

  10. Richard Scratcher
    Gates Horns

    iCal in Leopard is a big step backward

    I'm amazed that Apple let iCal out in its current form. On my old Mac it crashes quite a lot when I add a new event.

    The user interface has gone from quick, easy and intuitive to WTF!?

    It took me some serious testing (about 5 minutes) to determine that usability had taken a big hit, so I can see why it might have slipped by Apple's army of testers.

    Doh!

  11. Alex Tingle
    Flame

    iCal == iCrap

    The Leopard version is a massive step backwards, both in terms of usability and stability. It crashes on me every single day - so I'm not surprised there are security flaws too.

    Hopefully this will make Apple get off their collective arse and fix it. Sadly I suspect they'll spend five minutes patching the crashing bugs and leave the rest of the app in its current parlous state.

    Now, if it were open source I'd have fixed it myself months ago...

  12. Maliciously Crafted Packet

    This is becoming serious.

    I mean really this is getting beyond a fecking joke. I've said this many time before, IT only take a platform seriously when its riddled with real world security issues. How can Mac's ever get a foot hold in the enterprise when there is not one example of any security exploits outside the lab.

    Us Mac people are really starting to feel left out now. With all these security issues on the Mac in circulation someone somewhere must at least make an attempt to exploit them. Pleeeeeese!

    We want our Mac's to be like real computers -you know like the ones that don't work properly that you see in offices-, with proper viruses and suffer proper security exploits.

  13. Graham Wood

    @Tony Paulazzo

    It's actually a pretty standard uPNP type application. No, it shouldn't be installed without your consent, but it's not "spyware".

    Even from the quote you copied, it doesn't qualify.

    Having said that, the linux equivalent is uninstalled from any machine I work on the second I see it's there.

  14. Chris
    Thumb Up

    No particular problems with iCal here.

    I suppose I should say I'm a bit surprised at all the problems people are having with iCal on Leopard here, I haven't had a crash and I don't find usability too shoddy.

    Good for Core on publicising this vulnerability though.

  15. Dan Wilkinson

    @Tony Paulazzo

    Check your spyware definition. While you may not be aware it was running, it's not attempting to "intercept or take partial control over the user's interaction with the computer, without the user's informed consent." - It's just Apple's networking protocol. Quite why it's needed I'm not sure, but it's not spyware.

    I quite like iCal as a product for home use, but I can't recommend it over Outlook, and it's a real shame that acceptance emails between the two have never worked. That and the fact that you cannot rename or otherwise alter an event you have accepted (other than removing it) is a bit irritating, especially when you want to remove all the rubbish that Outlook occasionally pads appointments with, like putting "Updated: ..." at the beginning of changed appointments.

    Can we request some Steve Jobs icons please? There are 4 for Microhoo! after all...

  16. Dan Wilkinson

    @me

    What am I talking about - I thought that was Balmer - oops!

  17. Aetyr
    Coat

    @ Dan Wilkinson

    I can see why you'd get Ballmer and Jobs confused, Apple and MS are like two peas in a pod lately. Delayed security updates and newer versions of software that are actually worse than the previous versions? Where have we heard that before?

    If only there were some third option, which wasn't so insecure and made just to make money...

    Mine's the Tux (geddit?)

  18. Kanhef
    Stop

    "Don't accept files from untrusted sources"

    Which is what Outlook users have been told for the last ten years or so. Nothing new here, just an excuse to let the trolls out.

This topic is closed for new posts.

Other stories you might like