One of the strongest features of the latest iCal is its ability to utilize calendars hosted at some online source. Collaboration is a great feature. Unfortunately, several bugs leave you vulnerable to exploit. According to eWeek, three bugs can be used to crash iCal in two cases or run arbitrary code in the third.
If you don’t use a network calendar server or regularly import ICS files, you’re safe. There’s nothing to worry about. However, if you do, you need to be careful that the source of your calendar data isn’t likely to be compromised. Don’t open random ICS files. Make sure only trusted people can alter the online calendar you’re subscribed to. Hopefully these will be fixed soon.
