-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-09-19-3 Xcode 9 Xcode 9 is now available and addresses the following: Git Available for: macOS Sierra 10.12.6 or later Impact: Checking out a maliciously crafted repository may lead to arbitrary code execution Description: An ssh:// URL scheme handling issue was addressed through improved input validation. CVE-2017-1000117 ld64 Available for: macOS Sierra 10.12.6 or later Impact: Parsing a maliciously crafted Mach-O file may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7076: riusksk (ae3aY=) of Tencent Security Platform Department CVE-2017-7134: riusksk (ae3aY=) of Tencent Security Platform Department CVE-2017-7135: riusksk (ae3aY=) of Tencent Security Platform Department CVE-2017-7136: riusksk (ae3aY=) of Tencent Security Platform Department CVE-2017-7137: riusksk (ae3aY=) of Tencent Security Platform Department subversion Available for: macOS Sierra 10.12.6 or later Impact: Checking out a maliciously crafted repository may lead to arbitrary code execution Description: An input validation issue was addressed through improved input validation. CVE-2017-9800 Installation note: Xcode 9 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "9". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZwVI5AAoJEIOj74w0bLRG//MQAMZhTTHk4DQEuoWwW7U63c+R TVo7gRf4AVVQWJ+4FU4fT/I0l8IuxhTOfG14+sumHtsOIQV0evsAGeA9k4+RAgo8 N1DIJ3mZxYobd8KfP0DXt8fX4yfjYtLmTDJqMRvGZ6765UK+ctRQYCuN/+TWR0BM CyU6UqVQVhN+Z/Lgg8CnK2KTFbykMCHgZ7EYrwIhY3z9SvOiFCakXxUlZkLcziov 7Mkr/BKv6YlMVB+r/keuifLn2fOxa51Ic+k/n1Vb5wBmOEA2DH0w8NaBJeA/aPNd Cgwj750S0gjPG7Zk/IAOy17TJJzor2Ewrvb6wNQB5zzb32TScw58mOzydyLg0jBl j0D1k7d2+f31utzkT9gcvkq6490HginWdmUzwXuZV8dMz/Bwc4dJlF7u9gXBGrZe SymSagb28TxFVZHHO7nOVuydmafgB4tSJ9yQq4vASDbOso0pScPuAw6FhpPBaKb+ IiLpYJOOO2pJpSfgq0Z3U/rV7X2WBGcRJoJLYNXVQyyyCEXmMIAzEurn3nXUh75f LKMZxT1i3Q37KfSxOmx3o7bh9MeE3/FrZQsYRFunCAESAxn3s+JoF+EMXSjC0k5V t5mz1t+qaPkI1cQYXRxi/PwfcXUqNtXwdngrr3dVXqL8V+Yx9oVWQiC1OB60aP4i qcRPihCW7/qqjks6q8Ew =Bzk4 -----END PGP SIGNATURE-----