lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 26 Jan 2021 13:05:49 -0800
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2021-01-26-4 Xcode 12.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-01-26-4 Xcode 12.4

Xcode 12.4 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212153.

Xcode IDE
Available for: macOS Catalina 10.15.4 and later
Impact: A malicious application may be able to access
arbitrary files on the host device while running an app
that uses on-demand resources with Xcode
Description: A path handling issue was addressed with
improved validation.
CVE-2021-1800: Theodore Dubois (@tbodt)

Installation note:

Xcode 12.4 may be obtained from:

https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 12.4".

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAQgRcACgkQZcsbuWJ6
jjCzEQ//YOHe+Pi2janl+HduJZ7XHmNiPFX5tsXbfYddkwB34ZiLTeK7UPul+VM0
/Z6/5cuZNwvFhIFYTu2Gh+27gfW9i1wdnl2tIqfeyhN/w7NNdD7bDjJ4oVNsU3E0
BAO0OD76qWWhdm1vErj+74jtRAlhXcuV+PsyJT3n+unJlsYBGxlK56NdIrhbDnQW
IdZ6bGh6uCE643pret1TBtobnMJ/WUkFd1xuvVh2nkE9dUqh+rCrvDBWqkYKYh7m
MdGi45GU6y/viwWAn5rlDe/vsRABwCP/KpSZaaJOFhZt3IZF+jSMezFyWi6gwgQA
BnCrC+P0Q+V987vubp4gorueuRbBZ76Oye8Ltm5DHGnW7g3756R9QO3chLZPjGDv
IKwvyrbKL/+r41b6Jd2YOzF5PeuJXpAFTa4rYZdjauRlT2GCf68USWOobjJNhfOJ
/pC4PZqB1CfWywIXNFFirLNS/zrMp+qtbh69ThESXb25hiDkvc69kTW0k/SpdygA
+UHHo2vMymPrDuuZyINkxZm+h0Viy5PLldg6tlPTNFLeFgr2kNXepSjUqq7sTIN8
BF7ZQ+cpdSnzoo8zxteQZnc7RvhXDdMAUJT8lrVFD1mwob8Wr39dh8ANDhFTuJk3
Ee7P3rkLEQxV0U4bQns2GA9VaT54LlO7m+Qj1bYetnhLYjdPGEc=
=G4Ph
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists