lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 16 Sep 2020 14:56:14 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2020-09-16-5 Xcode 12.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-09-16-5 Xcode 12.0

Xcode 12.0 is now available and addresses the following:

IDE Device Support
Available for: macOS Mojave 10.15.4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen

Additional recognition

debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.

LLVM
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

Installation note:

Xcode 12.0 may be obtained from:

https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 12.0".
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igoYACgkQZcsbuWJ6
jjA17g//cPW08TA+cwO7nyipcSTcXdovOMGJYoIrrupmdtm9+7tbq+9qXNbcbCCU
/w8TpNXAfoJd1CD8mLzzDlZcmf2uVg+F8/0I4VkzGCp8Z4GusehXa36otdpHA4n1
53awpj656xP4C27BdYxQfkQyWp4VQNrTmIIbppvn9Ozdmx2OqqynTpxSrTApu79m
PZEBvNIlWkint7d1Fr9+GVqJh1FtOSjrH2mn9tblIUcjUEifVZtMEP8NbN0OD6JS
n6W3ivUAoRDS7jQjLUnkzQcYzXnA9iRRaHWq3VppC6k1sg8DFqqIC0trXr3PyzpG
Q1fvY7QqCqppomQ1jSSUH0+bPemu2R3QSj1w/tbB481JUfPUvklPZgBuSVIBOu67
dRC49HjUjqP9jLkrFI6rgN+O76DZeImy0o7cnjVhdessMTzT8s7Dbu8d/4ixKVTA
uLkqR/240hywZXHa2CLffAJQiUfPx7fXde1u7vx/v0tZreCq3w9ScBOmegovILSS
/cx0wT8Od/LZiPYZgGh5yGFBP99qrKIYfX9yzRSynBGDfee4dXbitFm/fUy65zg8
Yjz4eSIoZqCl9PrsW0lXqOyTs2ozrPA7jD+VwaC1ZHzn6RjMB9zTmasxOrEbZ/XK
cJ/xv6Fef/H7/k6HG8TCxOK5xvp+ZhAZkL90jW33jvSRr2ovSjo=
=FOfL
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists