The bug trio has been found by a team of the researches working at Core Security

The first and most important flaw is related to memory corruption. The report says that it can be triggered if a specially-crafted .ics file is executed The exploit is aimed at a resource liberation bug and it would allow the attacker to execute arbitrary code on the machine. 

The other two vulnerabilities also rely on the execution of a malformed .ics file. The file takes advantage of a null-pointer dereference bug in the software and the result would be that iCal would repeatedly crash.

Still, there is some good news about these two flaws:

“The ability to inject and execute arbitrary code on vulnerable systems using these two vulnerabilities was researched but not proven possible.”

The flaws affect iCal 3.0.1 running on Mac OS X 10.5.1. Upgraded version were reported to be immune.