toggle

AAPL Stock: 130.28 ( + 0.61 )

Printed from http://www.macnn.com

Xcode 2.5 plugs security flaws

updated 06:45 pm EDT, Tue October 30, 2007

Xcode 2.5 released

Apple has released a new version of its Xcode Developer Tools, 2.5. The release fixes two security issues. First, a flaw where processing a file with maliciously crafted TekHex content may lead to an unexpected application termination or arbitrary code execution. The problem occurs because a buffer overflow exists in gdb's handling of files with Tektronix Hex Format (TekHex) content. By enticing a user to run gdb's "restore" command on a maliciously crafted TekHex file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of TekHex records.

The second security refinement deals with WebObjects. An unprivileged local user may be able to obtain system. The Xcode WebObjects package contains a demo version of OpenBase for use with WebObjects example code. This demo version of
OpenBase may allow a local user to obtain system privileges. This update addresses the issue by disabling the Apple-provided demo version of OpenBase.

Xcode 2.5 Developer Tools can be downloaded by Apple Developers (registration is free) from this download page.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. unity@mac.com

    Joined: Dec 1969

    0

    Which one?

    2.5 or 3.0, cause I have 3.0.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

JBL Synchros Reflect in-ear headphones

All headphones are not created equally, especially when it comes to use during vigorous activities or workouts. Over-the-ear headphone ...

Brother HL-3140CW Color Laser Printer

It's inevitable, at some point somebody needs a hardcopy of a document. Paper never runs out of battery charge, after all. Our Mom, j ...

Linksys WRT1200AC Wi-Fi Router

Once upon a time, a brand-new Linksys router showed up on our doorstep. So we gathered some network-minded friends together, and hooke ...

toggle

Most Commented