[<prev] [next>] [day] [month] [year] [list]
Message-id: <A2A2F4BB-6B68-4D01-B4D3-A924DEA39BDB@lists.apple.com>
Date: Tue, 26 Jan 2021 13:05:49 -0800
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2021-01-26-4 Xcode 12.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-01-26-4 Xcode 12.4
Xcode 12.4 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212153.
Xcode IDE
Available for: macOS Catalina 10.15.4 and later
Impact: A malicious application may be able to access
arbitrary files on the host device while running an app
that uses on-demand resources with Xcode
Description: A path handling issue was addressed with
improved validation.
CVE-2021-1800: Theodore Dubois (@tbodt)
Installation note:
Xcode 12.4 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 12.4".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAQgRcACgkQZcsbuWJ6
jjCzEQ//YOHe+Pi2janl+HduJZ7XHmNiPFX5tsXbfYddkwB34ZiLTeK7UPul+VM0
/Z6/5cuZNwvFhIFYTu2Gh+27gfW9i1wdnl2tIqfeyhN/w7NNdD7bDjJ4oVNsU3E0
BAO0OD76qWWhdm1vErj+74jtRAlhXcuV+PsyJT3n+unJlsYBGxlK56NdIrhbDnQW
IdZ6bGh6uCE643pret1TBtobnMJ/WUkFd1xuvVh2nkE9dUqh+rCrvDBWqkYKYh7m
MdGi45GU6y/viwWAn5rlDe/vsRABwCP/KpSZaaJOFhZt3IZF+jSMezFyWi6gwgQA
BnCrC+P0Q+V987vubp4gorueuRbBZ76Oye8Ltm5DHGnW7g3756R9QO3chLZPjGDv
IKwvyrbKL/+r41b6Jd2YOzF5PeuJXpAFTa4rYZdjauRlT2GCf68USWOobjJNhfOJ
/pC4PZqB1CfWywIXNFFirLNS/zrMp+qtbh69ThESXb25hiDkvc69kTW0k/SpdygA
+UHHo2vMymPrDuuZyINkxZm+h0Viy5PLldg6tlPTNFLeFgr2kNXepSjUqq7sTIN8
BF7ZQ+cpdSnzoo8zxteQZnc7RvhXDdMAUJT8lrVFD1mwob8Wr39dh8ANDhFTuJk3
Ee7P3rkLEQxV0U4bQns2GA9VaT54LlO7m+Qj1bYetnhLYjdPGEc=
=G4Ph
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists