Security researchers have published details of three flaws in Apple"s iCal application after waiting over four months for the company to issue a fix.

Researchers at Core Security discovered the bugs in the calendar application in January and promptly informed Apple of the flaws.

"Three vulnerabilities in iCal may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) assistance from the end user," said Core Security in a posting to the Bugtraq mailing list.

"They could also repeatedly execute a denial of service attack to crash the iCal application.

"The most serious of the three vulnerabilities is due to potential memory corruption resulting from a resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker."

Apple originally promised to publish fixes by March, then by April. But, after repeated delays and denials that there was a problem, Core Security went public with the information so that users could protect their information.