PT-2008-2636 · Apple · Ical
Rodrigo Carvalho · Published 2008-06-03 · Updated 2018-10-11 · CVE-2008-1035
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Apple iCal version 3.0.1
Description
A use-after-free issue in Apple iCal allows remote CalDAV servers and user-assisted remote attackers to potentially execute arbitrary code via a crafted .ics file containing an ATTACH;VALUE=URI:S=osumi line. This triggers a resource liberation bug, leading to memory corruption.
Recommendations
For Apple iCal version 3.0.1, consider updating to a newer version to mitigate the risk, as no specific fix is provided for this version. As a temporary workaround, avoid using CalDAV servers that may trigger this issue until a patch is available.
Exploit
Fix
Code Injection
Affected Products
Ical