===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0744
          Multiple vulnerabilities have been identified in Xcode
                               22 March 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple Xcode
Publisher:         Apple
Operating System:  OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-1765 CVE-2015-3187 CVE-2015-3184

Reference:         ASB-2015.0079
                   ESB-2015.2358
                   ESB-2015.2139
                   ESB-2015.2056

Original Bulletin:
   https://support.apple.com/en-au/HT206172

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2016-03-21-4 Xcode 7.3

Xcode 7.3 is now available and addresses the following:

otool
Available for:  OS X El Capitan v10.11 and later
Impact:  A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes
(@squiffy)

subversion
Available for:  OS X El Capitan v10.11 and later
Impact:  A malicious server may be able to execute arbitrary code
Description:  Multiple vulnerabilities existed in subversion versions
prior to 1.7.21, the most serious of which may have led to remote
code execution. These were addressed by updating subversion to
version 1.7.22.
CVE-ID
CVE-2015-3184 : C. Michael Pilato, CollabNet
CVE-2015-3187 : C. Michael Pilato, CollabNet

Xcode 7.0 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.3".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================