Security News

Apple has released a new version of Xcode, a tool used by app developers for Apple devices, which contains two security fixes. Xcode 7.3.1 patches a heap-based buffer overflow flaw in which an attacker may be able to execute arbitrary code and effectively take control of the machine.

Xcode 7.3.1 is available for OS X El Capitan 10.11 and later, and addresses two vulnerabilities. Apple’s security bulletin describes the impact of its Xcode security update as follows:

Details of the patched vulnerabilities are as follows:

• CVE-2016-2324 : Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
• CVE-2016-2315 : revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

More information about these updates can be found on Apple’s Developer Download page for Xcode. You can download Xcode from the Mac App Store for free. [Direct Link]