Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.0920
Xcode 6.3
9 April 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Xcode
Publisher: Apple
Operating System: OS X
Impact/Access: Unauthorised Access -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2015-1149
Original Bulletin:
https://support.apple.com/en-us/HT204663
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-04-08-5 Xcode 6.3
Xcode 6.3 is now available and addresses the following:
Clang
Available for: OS X Mavericks v10.9.4 or later
Impact: An attacker may be able to bypass stack guards
Description: A register allocation issue existed in clang which
sometimes led to stack cookie pointers being stored on the stack
itself. This issue was addressed with improved register allocation.
Swift
Available for: OS X Mavericks v10.9.4 or later
Impact: Swift programs performing certain type conversions may
receive unexpected values
Description: A integer overflow issue existed in the simulator that
could lead to conversions returning unexpected values. This issue was
addressed by using improved checks.
CVE-ID
CVE-2015-1149
Xcode 6.3 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "6.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJVJHMkAAoJEBcWfLTuOo7tXiwQAItddyjaYou2YXMjRu3dc1FR
W69zMBR1GHQHqwIG+Cy++dU9+cQMxRgJuMj5GJrcKBdUy36cOXvUEdLGvuikgrmc
jcxMDYVvDpvvjdY7N/PWq63w4zPllM+mJ8/n2vtOyHsSTesYu0JwhFGPkSqkN9jQ
JcJIU4Mk3IuftR3GW7ryUoWPjeL4ZLqRdYpgglSgYOXhpDYJd97Z2p28FPCQ6K6p
ww0uPFXc4RqM1S4EwZWofXfiuUmAR6gCz7sNjXlPsvWFhL4RF+ppnKsW34qA+zrU
rsbm/QcIimdzYUsOhsM993uN/l/EWmjuExZ7tJDjWD5PLJtztM2fAEBSs0+g/JSh
CFDDMOKUV6/jd0l/V1Y5/OaeR+D3/rx/nMXkwBzq5itYxfFBtzi3SfQ6VFHtfdxR
AoKwuijG4y6Ll3joeQ73Ub/UX8suLkKH+WFa1WqDEom6dbmkEuASamwJ45MLHMBV
x6vo2pL0mo/9/rCCEz5+qRncauRIVrOt+YwJSpILGqBYRi/61iwW3nIL1pg8jcdj
ovWYUzLq4tMhLGlg3VegE5AqaiAmruULqYozZ5CtkydJCdnxiSPjpIJYLYOctGF8
cVB9XvB2Z1UYV4GqG7oZxUJiEVOfveZZqmUH/b5tcPQBIKf6E/PAaNRZ3IJ1Tyle
1uiCuBgp/UXGDrxpxIDu
=rNdR
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVSYJNRLndAQH1ShLAQKamg/9FjevGNbROkkCU5Kzc11J/prM7PiKm/O1
oBigxiFgVvtgjmlK4mIORIHpxDZY00GE8N8CNnzBp5KICs+y0foRt33o3EE5XV3U
r/q8sEMCn3li8IMjg5fu33++USxziW8lfOxpT8/X2F/XpbxcTcN8wUi6nltaj1dj
F6drapmKc8V6OzgI9xWDW2FPhVqGHoXZJPxpK+avesq+sItCcz2CJXdNyedmtRpQ
kI1RKplfCotsP+XuCDS7gP2ZJ6N8dKqPCh2ipO4xPLqgvKD1qZ1GvIuObNXTZU3t
R+b/cP5ZH3nIniPgYKccdHW+ZAiE0gf1+1U+CZbETz172GLryoxIdqOdJsQc1eh6
4v525+xdI4B60AFryPhx8L4DUeOwmWUlqKVaP5VBXmDHsSpfQg0FUN7M6LLZW+5K
1hQw2XR0HGXlxm3hiBE+2MaysEw5aYZdAjevpC5YnRS84nyLYgnEMVk/I0s9MjmA
HwC3Ww+zP8fGpRkz71LYhzJJ1EOp4ba/5RoYAUlpJzvmm7VFxIMqxuNA0DUhkAsw
bOYmMmCXT14k+CnnXmw0dI2PLDpyJdVS8Rfxna6cp2oRv9xapckQLgbcrdtJXCQh
EDLZNKOn6XrtUsI0z4BuaLswjYk0TK2XU0HyDG+8RQQg5qRYWEwKzs/ODTdNR5Qy
ipydqV9OHf0=
=o16x
-----END PGP SIGNATURE-----