The first and most important flaw is related to memory corruption. The report says that it can be triggered if a specially-crafted .ics file is executed The exploit is aimed at a resource liberation bug and it would allow the attacker to execute arbitrary code on the machine.
The other two vulnerabilities also rely on the execution of a malformed .ics file. The file takes advantage of a null-pointer dereference bug in the software and the result would be that iCal would repeatedly crash.
Still, there is some good news about these two flaws:
“The ability to inject and execute arbitrary code on vulnerable systems using these two vulnerabilities was researched but not proven possible.”
The flaws affect iCal 3.0.1 running on Mac OS X 10.5.1. Upgraded version were reported to be immune.