Apple Security Advisory 2015-04-08-5 - Xcode 6.3 is now available and addresses stack guard bypass and an issue where Swift programs performing certain type conversions may receive unexpected values.
0ce20e707741564c131e8fe519a08c07acd797603c90739a11316436b9b16ac6-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-04-08-5 Xcode 6.3
Xcode 6.3 is now available and addresses the following:
Clang
Available for: OS X Mavericks v10.9.4 or later
Impact: An attacker may be able to bypass stack guards
Description: A register allocation issue existed in clang which
sometimes led to stack cookie pointers being stored on the stack
itself. This issue was addressed with improved register allocation.
Swift
Available for: OS X Mavericks v10.9.4 or later
Impact: Swift programs performing certain type conversions may
receive unexpected values
Description: A integer overflow issue existed in the simulator that
could lead to conversions returning unexpected values. This issue was
addressed by using improved checks.
CVE-ID
CVE-2015-1149
Xcode 6.3 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "6.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJVJHMkAAoJEBcWfLTuOo7tXiwQAItddyjaYou2YXMjRu3dc1FR
W69zMBR1GHQHqwIG+Cy++dU9+cQMxRgJuMj5GJrcKBdUy36cOXvUEdLGvuikgrmc
jcxMDYVvDpvvjdY7N/PWq63w4zPllM+mJ8/n2vtOyHsSTesYu0JwhFGPkSqkN9jQ
JcJIU4Mk3IuftR3GW7ryUoWPjeL4ZLqRdYpgglSgYOXhpDYJd97Z2p28FPCQ6K6p
ww0uPFXc4RqM1S4EwZWofXfiuUmAR6gCz7sNjXlPsvWFhL4RF+ppnKsW34qA+zrU
rsbm/QcIimdzYUsOhsM993uN/l/EWmjuExZ7tJDjWD5PLJtztM2fAEBSs0+g/JSh
CFDDMOKUV6/jd0l/V1Y5/OaeR+D3/rx/nMXkwBzq5itYxfFBtzi3SfQ6VFHtfdxR
AoKwuijG4y6Ll3joeQ73Ub/UX8suLkKH+WFa1WqDEom6dbmkEuASamwJ45MLHMBV
x6vo2pL0mo/9/rCCEz5+qRncauRIVrOt+YwJSpILGqBYRi/61iwW3nIL1pg8jcdj
ovWYUzLq4tMhLGlg3VegE5AqaiAmruULqYozZ5CtkydJCdnxiSPjpIJYLYOctGF8
cVB9XvB2Z1UYV4GqG7oZxUJiEVOfveZZqmUH/b5tcPQBIKf6E/PAaNRZ3IJ1Tyle
1uiCuBgp/UXGDrxpxIDu
=rNdR
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed