Apple Revises Xcode to Patch Git Holes
Friday, May 6, 2016 @ 04:05 PM gHale
Apple updated its Xcode integrated development environment to fix serious vulnerabilities in the Git version control system.
The issues in question are server-side and client-side remote code execution vulnerabilities affecting version 2.7.3 and earlier of Git.
The flaws were patched in mid-March with the release of Git 2.7.4. An attacker could exploit them by pushing or cloning a repository with a large filename or a large number of nested trees.
As it turns out, users who installed Xcode or the command line developer tools on Apple’s OS X El Capitan operating system got Git 2.6.4 and not the newer version.
Apple addressed the issue this week by updating Git to version 2.7.4 in Xcode 7.3.1 available for El Capitan 10.11 and later.
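A quick way to tell whether a given Git binary predates the 2.7.4 fix is to parse its `git --version` line numerically. The script below is an added example, not code from the article, Apple or the Git project; the function name `is_vulnerable_git` is hypothetical and the sample version lines are constructed.

```shell
#!/bin/sh
# Added example: flag Git builds older than 2.7.4, the fixed release named above.
FIXED_MAJOR=2; FIXED_MINOR=7; FIXED_PATCH=4

# is_vulnerable_git "<output of git --version>"   (hypothetical helper)
# returns 0 = older than 2.7.4, 1 = 2.7.4 or later, 2 = line not understood
is_vulnerable_git() {
    # Third field of "git version X.Y.Z ..."; vendor suffixes such as
    # "(Apple Git-NN)" sit in later fields and are ignored.
    ver=$(printf '%s\n' "$1" | awk '$1 == "git" && $2 == "version" { print $3 }')
    [ -n "$ver" ] || return 2

    # Split on dots and keep only the leading digits of each component.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
    [ -n "$major" ] || return 2
    minor=${minor:-0}; patch=${patch:-0}

    # Compare component by component as integers: a plain string
    # comparison would wrongly rank 2.10.0 below 2.7.4.
    if [ "$major" -lt "$FIXED_MAJOR" ]; then return 0; fi
    if [ "$major" -gt "$FIXED_MAJOR" ]; then return 1; fi
    if [ "$minor" -lt "$FIXED_MINOR" ]; then return 0; fi
    if [ "$minor" -gt "$FIXED_MINOR" ]; then return 1; fi
    if [ "$patch" -lt "$FIXED_PATCH" ]; then return 0; fi
    return 1
}

# Constructed sample lines, not captured from a real system.
# For a real check use: is_vulnerable_git "$(git --version)"
for line in "git version 2.6.4 (Apple Git-00)" "git version 2.7.3" \
            "git version 2.7.4" "git version 2.10.0"; do
    rc=0
    is_vulnerable_git "$line" || rc=$?
    case $rc in
        0) echo "UPDATE NEEDED: $line" ;;
        1) echo "ok:            $line" ;;
        *) echo "unknown:       $line" ;;
    esac
done
```

The version number alone is only a first pass: a vendor build can carry backported fixes without changing the reported version, so confirm against the vendor's advisory when the result matters.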