Apple Plugs Xcode Holes

Tuesday, November 1, 2016 @ 06:11 PM gHale


Apple updated its Xcode integrated development environment (IDE) to address vulnerabilities.

Apple updated Xcode to version 8.1 to address ten security holes an attacker could leverage for arbitrary code execution or to cause an application crash.

RELATED STORIES
Apple Patches Vulnerabilities
Apple Patches OS Vulnerabilities
Apple Patches Security Holes
Macs Targeted with Backdoor

The update fixes vulnerabilities in Node.js and OpenSSL. Apple said it updated the Node.js version used in Xcode Server to 4.5.0, which became available in mid-August.

In addition to the Xcode fixes, Apple also released iTunes 12.5.2 and iCloud 6.0.1 for Windows, Apple patched holes in the WebKit web browser engine.

One of the flaws can lead to disclosure of user information. The second issue, discovered by Apple can lead to arbitrary code execution. An attacker could leverage either vulnerability through processing of specially crafted web content.

The information disclosure flaw was also resolved earlier in Safari and tvOS. The code execution bug also affects iOS and it ended up fixed with the release of version 10.1.



Leave a Reply

You must be logged in to post a comment.