APPLE-SA-09-26-2023-6 Xcode 15
2023-10-3 11:9:19 Author: seclists.org(查看原文) 阅读量:12 收藏

fulldisclosure logo

Full Disclosure mailing list archives


From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 26 Sep 2023 14:31:09 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-09-26-2023-6 Xcode 15

Xcode 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213939.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Dev Tools
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2023-32396: Mickey Jin (@patch1t)

GPU Drivers
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40391: Antonio Zekic (@antoniozekic) of Dataflow Security

iTMSTransporter
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to access App Store credentials
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-40435: James Duffy (mangoSecure)

Xcode 15 may be obtained from:
https://developer.apple.com/xcode/downloads/  To check that the Xcode
has been updated:  * Select Xcode in the menu bar * Select About
Xcode * The version after applying this update will be "Xcode 15".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUTSJgACgkQX+5d1TXa
IvrnUhAAnpI05QaADKuxrzNT8qK0AnI99sCvI1G+nRpN7FhvwAnBmMSiKPBNmpLb
o79j75mhDYSJiojeiBR+YJBFWZUoeKWcaa4TnXWfM8CndzqAnzf7wdAoXjOsv7Li
+e701hE3f2tsMIMhcHszvC//gVzCZotrLKCGn4bxGP4E7x4lkjj5IB9a4XxAVsgr
OoDignacVkUmrys1nuqyWIsLDk1rAYvikqA03SmG2mRhTp86O6BhyJNHRfftEfmH
ppD3kFlihLPUGwvqOULoNnxCkL1vlk9qt0VPQxDHZsEq6hW4/RqrHGBErDeAImhI
0m8jOQ9raP8vAxT8tp4r86HQZBs6RDBsX8J8EwerUfW6eCoO0QRsWt9/JTbPHpxW
MPIndWwwucJ/bC4nchOUKs3LzkRXZrmtuevvt4Z4A1pbhOYqPCojT+X/JD/7qtEm
A/vJAO+75p8uJWn/BCF1sTzX68qMRoJUnHtOYjwgGzYZ7fg4oQVv8oIIzfxqZxiE
pM6FdVbxbpvnpleTRvaqpjRLRb5LI8rqlMhiyRboItSmbGuAvaKgeT/9LJlA2wxA
VWiw4lSgYJ5JvxfrsidvWtJYen7RJYyo/HiIAT1OETBIdFFSmxr5ZQvHKojmi4En
R5z/7L6G5Xry7VE47tKbEGC3IeeojM9mjvDkpQoOfHfvoNbj1pw=
=OVwh
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/


Current thread:

  • APPLE-SA-09-26-2023-6 Xcode 15 Apple Product Security via Fulldisclosure (Oct 02)

文章来源: https://seclists.org/fulldisclosure/2023/Oct/7
如有侵权请联系:admin#unsafe.sh