A critical zero-click vulnerability has been discovered in macOS Calendar, allowing attackers to add or delete arbitrary files within the Calendar sandbox environment and execute malicious code without any user interaction.
The vulnerability, found by security researcher Mikko Kenttala in 2022, could also be combined with a security protection evasion in Photos to compromise users’ sensitive iCloud Photos data.
https://cybersecuritynews.com/zero-clic ... endar-app/