Xcode 3.1 address security issues
updated 02:30 pm EDT, Sat July 12, 2008
Apple Xcode Tools 3.1
Apple has released an update to its developer tools, Xcode Tools 3.1. Xcode 3.1b was previously available as part of the iPhone SDK and is now as a standalone package for Mac OS developers as well. Addressing security issues, the new update fixes an arbitrary code execution and a WebObjects session ID disclosure. Requirements for Xcode tools 3.1 are an Apple Developer Connection membership and OS X 10.5 or higher. Xcode is available for Mac OS developers and as part of the final iPhone SDK; both are free for ADC members. [updated]
Xcode tools 3.1 fixes a CoreImage problem that could lead to arbitrary code execution or an unexpected application termination. The tools include an example application called CoreImage Fun House that handles content with the ".funhouse" extension. The problem involved a possible buffer overflow in the application when processing ".funhouse" files. Opening a maliciously-crafted ".funhouse" file could lead to an unexpected application termination or arbitrary code execution. The update addresses the issue through improved bounds
checking.
Version 3.1 also includes a fix for WebObjects session IDs being disclosed to other web sites. WebObjects' WOHyperlink, a dynamic hyperlink generator that appends session IDs to the URLs it generates, could possibly disclose user's session IDs to the sites linked to by the URL. The 3.1 update prevents session IDs from being added to URLs, except when the user specifically requests the action.
Fresh-Faced Recruit
Joined: Nov 1999
Released today?
How current is this release? I'm already using version 3.1 and have been for a while.
Anyone know if this is something released a while back and MacNN just decided to cover it or if there is actually a new build that was released today?