copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » Security Bul... » AusCERT Exte... » ESB-2004.0737 -- APPLE-SA-2004-11-22 -- iCal 1.5.4
 

ESB-2004.0737 -- APPLE-SA-2004-11-22 -- iCal 1.5.4
Date: 23 November 2004

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2004.0737 -- APPLE-SA-2004-11-22
                                iCal 1.5.4
                             23 November 2004

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iCal
Publisher:         Apple
Operating System:  Mac OS X
Impact:            Inappropriate Access
Access:            Remote/Unauthenticated
CVE Names:         CAN-2004-1021

Original Bulletin: http://docs.info.apple.com/article.html?artnum=61798

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2004-11-22 iCal 1.5.4

iCal 1.5.4 is now available and delivers the following security
enhancement:

CVE-ID:  CAN-2004-1021

Availability:  iCal 1.5.4 is available for Mac OS X v10.2.3 or later

Impact:  New iCal calendars may add alarms without approval

Description:  iCal calendars may include notification of events via
alarms.  These alarms may open programs and send e-mail.  iCal has
been updated to show an alert window when importing or opening
calendars containing alarms.  Credit to aaron@vtty.com for reporting
this issue.

iCal 1.5.4 may be obtained from the Software Update pane in System
Preferences, or Apple's iCal web site:
http://www.apple.com/ical/download/

The download file is named: "iCal154.dmg"
Its SHA-1 digest is:  0bcb7c569bd3410f001c922afc337019203c19de

Information will also be posted to the Apple Product Security
web site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQaJdy5yw5owIz4TQAQLT4wf8Cjbdlsyu8WG1tvipjnZW4Is8M6+b4AUZ
5eu/Bzs27R/MUtBV/K9fi3peiZe412aDtw8Z54EEN+SY5jQMftIdQJW96WEnVrde
R3DkbJKrwzrJYf6ctXdc4WzO/RuCg1P3LbkTrCWmrR+zhrto3jfmlC9DRktMEj9F
EatUvPFgi8pnGaBUjm9eGEjHHLZWNq1iMb9gOdIBhkLjS8nFZlNMa67S4+aPsnkA
Cgsk61bddRWoWm1fNpn2k3WKYLhYCpYc7eGIUYzRVdJjxfQJe4fWpSTmxTCpCAHv
HT+NYa96Zf8xBvNlVfrfQC/c1DgRxA/YGs038Mc/nP9xF6ULdH2K7g==
=mx+1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQaJ3JSh9+71yA2DNAQLn0wP/eZNR0mBVGePUL/0goPUC26D3uEuY5Har
t5OPxJB5lr/FsCYqQLhRRZtlqv2QgQ2HsiyfUR6AHI+/4nOcvg7Ueu6u4x5t3ChL
j52Y+2TDfawKYQTojkqCI/cAw9HDjBbOqmZq35t0RymC2BhBk+5MFwNSuacRKtTa
IRZZAbGgoTI=
=i37a
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=1980&it=4566