===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.0920
                                 Xcode 6.3
                               9 April 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Xcode
Publisher:         Apple
Operating System:  OS X
Impact/Access:     Unauthorised Access -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-1149

Original Bulletin:
   https://support.apple.com/en-us/HT204663

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2015-04-08-5 Xcode 6.3

Xcode 6.3 is now available and addresses the following:

Clang
Available for:  OS X Mavericks v10.9.4 or later
Impact:  An attacker may be able to bypass stack guards
Description:  A register allocation issue existed in clang which
sometimes led to stack cookie pointers being stored on the stack
itself. This issue was addressed with improved register allocation.

Swift
Available for:  OS X Mavericks v10.9.4 or later
Impact:  Swift programs performing certain type conversions may
receive unexpected values
Description:  An integer overflow issue existed in the simulator that
could lead to conversions returning unexpected values. This issue was
addressed by using improved checks.
CVE-ID
CVE-2015-1149

Xcode 6.3 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "6.3".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
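
The "About Xcode" version check in the Apple advisory above can also be scripted for build machines. This is an added example, not part of the Apple or AusCERT text; it assumes the first line printed by `xcodebuild -version` reads `Xcode <version>`, and the function names and status words are hypothetical.

```shell
#!/bin/sh
# Added example: classify an Xcode install against the fixed release (6.3)
# named in the bulletin, using the text printed by `xcodebuild -version`.

FIXED_VERSION="6.3"   # release that addresses CVE-2015-1149, per the bulletin

# Print the dotted version from `xcodebuild -version` output, or nothing.
xcode_version_from() {
    printf '%s\n' "$1" | sed -n 's/^Xcode \([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Return 0 if dotted version $1 >= $2. Fields are compared numerically,
# so 6.10 is newer than 6.3 and a missing field counts as 0.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print "PATCHED <v>", "NEEDS_UPDATE <v>" or "UNKNOWN" for the given text.
xcode_status() {
    v=$(xcode_version_from "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN"          # no "Xcode <version>" line found
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "PATCHED $v"
    else
        echo "NEEDS_UPDATE $v"
    fi
}

# On a Mac with Xcode installed, report the local status.
if command -v xcodebuild >/dev/null 2>&1; then
    xcode_status "$(xcodebuild -version 2>/dev/null)"
fi
```

An `UNKNOWN` result means the tool printed no version line (for example, Xcode is not installed or not selected), so that host needs a manual check.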