In association with heise online

01 November 2007, 08:40

Security update for Apple's Xcode Developer Tools

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple is planning to release a new version of its Xcode Developer Tools for Mac OS X 10.4.x and 10.5, in which two vulnerabilities, both more than a year old, are fixed. The Xcode development environment, partially based on GNU tools, can be used to generate applications for all previous versions of Mac OS X.

The newly announced version 2.5 no longer allows crafted TekHex files to provoke a buffer overflow in gdb. On executing the restore command, this buffer overflow could be exploited by an attacker to inject and execute code. In addition, the OpenBase database demo, supplied as part of the WebObjects package, in which bugs in gnutar allow users with restricted privileges to access arbitrary data, is deactivated.

The link included in Apple's security advisory, however, currently points to the download page for Xcode 3.0 for Mac OS X 10.5.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit