Printed from http://www.macnn.com

Xcode 2.5 plugs security flaws

updated 06:45 pm EDT, Tue October 30, 2007

Xcode 2.5 released

Apple has released version 2.5 of its Xcode Developer Tools. The release fixes two security issues. The first is a buffer overflow in gdb's handling of files with Tektronix Hex Format (TekHex) content: processing a maliciously crafted TekHex file may lead to an unexpected application termination or arbitrary code execution. To trigger it, an attacker has to entice a user to run gdb's "restore" command on the crafted file. The update addresses the issue by performing additional validation of TekHex records.
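To illustrate the kind of record validation that fix refers to, here is an added example; it is not Apple's or gdb's code. It assumes the publicly documented Tektronix extended hex layout (`%`, two length digits, one type digit, two checksum digits, address, data), which the article does not spell out, and `tekhex_data_record` is a hypothetical name.

```c
#include <stdio.h>
#include <string.h>

/* Value of an upper-case hex digit, or -1 if c is not one. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode one data record, "%LLTCC" + address + data, into out[0..cap).
 * Returns the number of data bytes written, or -1 if the record is rejected.
 * tekhex_data_record is a hypothetical name, not a gdb/BFD function. */
int tekhex_data_record(const char *rec, unsigned char *out, size_t cap) {
    size_t n = strlen(rec);
    if (n < 7 || rec[0] != '%') return -1;
    unsigned sum = 0;
    for (size_t i = 1; i < n; i++) {
        int v = hexval(rec[i]);
        if (v < 0) return -1;                       /* data records are hex only */
        if (i != 4 && i != 5) sum += (unsigned)v;   /* checksum skips its own field */
    }
    size_t declared = (size_t)(hexval(rec[1]) * 16 + hexval(rec[2]));
    if (declared != n - 1) return -1;               /* length field must match the input */
    if (rec[3] != '6') return -1;                   /* type 6 = data record */
    if ((sum & 0xFFu) != (unsigned)(hexval(rec[4]) * 16 + hexval(rec[5]))) return -1;
    size_t alen = rec[6] == '0' ? 16 : (size_t)hexval(rec[6]);  /* 0 encodes 16 */
    size_t off = 7 + alen;                          /* first data digit */
    if (off > n || (n - off) % 2 != 0) return -1;   /* address overruns, or odd digits */
    size_t nbytes = (n - off) / 2;
    if (nbytes > cap) return -1;                    /* never write past the caller's buffer */
    for (size_t i = 0; i < nbytes; i++)
        out[i] = (unsigned char)(hexval(rec[off + 2 * i]) * 16 + hexval(rec[off + 2 * i + 1]));
    return (int)nbytes;
}

int main(void) {
    /* Constructed sample record: six 0x20 bytes at address 0x10000000. */
    const char *ok = "%1A626810000000202020202020";
    unsigned char buf[16];
    printf("full buffer:  %d\n", tekhex_data_record(ok, buf, sizeof buf));
    printf("small buffer: %d\n", tekhex_data_record(ok, buf, 4));
    return 0;
}
```

Every length the record declares is checked against the bytes actually present and against the destination capacity before anything is copied.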

The second fix concerns WebObjects. The Xcode WebObjects package contains a demo version of OpenBase for use with WebObjects example code, and this demo version may allow an unprivileged local user to obtain system privileges. The update addresses the issue by disabling the Apple-provided demo version of OpenBase.

Xcode 2.5 Developer Tools can be downloaded by Apple Developers (registration is free) from this download page.




by MacNN Staff

Comments

  1. unity@mac.com

    Joined: Dec 1969

    0

    Which one?

    2.5 or 3.0, cause I have 3.0.
