toggle

AAPL Stock: 101.96 ( + 2.2 )

Printed from http://www.macnn.com

Xcode 2.5 plugs security flaws

updated 06:45 pm EDT, Tue October 30, 2007

Xcode 2.5 released

Apple has released a new version of its Xcode Developer Tools, 2.5. The release fixes two security issues. First, a flaw where processing a file with maliciously crafted TekHex content may lead to an unexpected application termination or arbitrary code execution. The problem occurs because a buffer overflow exists in gdb's handling of files with Tektronix Hex Format (TekHex) content. By enticing a user to run gdb's "restore" command on a maliciously crafted TekHex file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of TekHex records.

The second security refinement deals with WebObjects. An unprivileged local user may be able to obtain system. The Xcode WebObjects package contains a demo version of OpenBase for use with WebObjects example code. This demo version of
OpenBase may allow a local user to obtain system privileges. This update addresses the issue by disabling the Apple-provided demo version of OpenBase.

Xcode 2.5 Developer Tools can be downloaded by Apple Developers (registration is free) from this download page.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. unity@mac.com

    Joined: Dec 1969

    0

    Which one?

    2.5 or 3.0, cause I have 3.0.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Plantronics Rig Surround 7.1 headset

Trying to capture the true soundscape of video games can be a daunting task. Looking to surround-sound home theater options, users hav ...

Kenu Airframe +

Simple, stylish and effective, the Kenu Aiframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this y ...

Adesso Compagno X Bluetooth keyboard

The shift from typing on physical keyboards to digital versions on smartphones and tablets hasn't been an easy for many consumers. Fr ...

toggle

Most Commented