Apple Revises Xcode to Patch Git Holes

Friday, May 6, 2016 @ 04:05 PM gHale


Apple updated its Xcode integrated development environment to fix serious vulnerabilities in the Git version control system.

The issues in question are server and client-side remote code execution vulnerabilities affecting version 2.7.3 and earlier of Git.

The flaws were patched in mid-March with the release of Git 2.7.4. An attacker could exploit them by pushing or cloning a repository with a large filename or a large number of nested trees.

As it turns out, users who installed Xcode or the command line developer tools on Apple’s OS X El Capitan operating system got Git 2.6.4, not the newer version.

Apple addressed the issue this week by updating Git to version 2.7.4 in Xcode 7.3.1, available for El Capitan 10.11 and later.
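
Because a machine can carry more than one Git binary (the system one, the Xcode copy, a separately installed one), a per-binary version check confirms whether the update actually took effect. The script below is an added example, not code from Apple or the Git project; the three default paths are assumed standard OS X install locations, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag Git builds older than 2.7.4, the fixed release.

# Pull the dotted numeric version out of `git --version` output.
# Apple builds append a suffix such as "(Apple Git-NN)", which is ignored.
parse_git_version() {
    printf '%s\n' "$1" |
        sed -n 's/^git version \([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Return 0 if the version is >= 2.7.4, 1 if older, 2 if unparseable.
# Components are compared numerically, so 2.10.0 ranks above 2.7.4.
is_patched() {
    v=$(parse_git_version "$1")
    [ -n "$v" ] || return 2
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -gt 2 ] && return 0
    [ "$major" -lt 2 ] && return 1
    [ "$minor" -gt 7 ] && return 0
    [ "$minor" -lt 7 ] && return 1
    [ "$patch" -ge 4 ]
}

# Print one status line for each executable git found at the given paths.
scan_git_binaries() {
    for bin in "$@"; do
        [ -x "$bin" ] || continue
        out=$("$bin" --version 2>/dev/null) || continue
        rc=0; is_patched "$out" || rc=$?
        case $rc in
            0) status="ok" ;;
            1) status="OLDER THAN 2.7.4" ;;
            *) status="version not recognized" ;;
        esac
        printf '%s: %s [%s]\n' "$bin" "$out" "$status"
    done
}

# Assumed default locations on OS X; pass other paths as arguments.
if [ "$#" -eq 0 ]; then
    set -- /usr/bin/git \
        /Library/Developer/CommandLineTools/usr/bin/git \
        /Applications/Xcode.app/Contents/Developer/usr/bin/git
fi
scan_git_binaries "$@"
```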