
Printed from http://www.macnn.com

Xcode 2.5 plugs security flaws

updated 06:45 pm EDT, Tue October 30, 2007

Xcode 2.5 released

Apple has released version 2.5 of its Xcode Developer Tools. The release fixes two security issues. The first is a buffer overflow in gdb's handling of files with Tektronix Hex Format (TekHex) content: processing a maliciously crafted TekHex file may lead to an unexpected application termination or arbitrary code execution. To trigger it, an attacker would have to entice a user to run gdb's "restore" command on such a file. The update addresses the issue by performing additional validation of TekHex records.

The second fix concerns WebObjects. The Xcode WebObjects package contains a demo version of OpenBase for use with WebObjects example code, and this demo version may allow an unprivileged local user to obtain system privileges. The update addresses the issue by disabling the Apple-provided demo version of OpenBase.

Xcode 2.5 Developer Tools can be downloaded by Apple Developers (registration is free) from this download page.




by MacNN Staff


Comments

  1. unity@mac.com

    Joined: Dec 1969

    0

    Which one?

    2.5 or 3.0, cause I have 3.0.
