Apple has released a new version of Xcode, its development tool for Apple-platform apps, which contains two security fixes. Xcode 7.3.1 patches a heap-based buffer overflow flaw through which an attacker may be able to execute arbitrary code and effectively take control of the machine.
Xcode 7.3.1 is available for OS X El Capitan 10.11 and later, and addresses two vulnerabilities. Apple’s security bulletin describes the impact of its Xcode security update as follows:
Details of the patched vulnerabilities are as follows:
- CVE-2016-2324: Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
- CVE-2016-2315: revision.c in Git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
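Both entries describe one bug class: the byte count of a nested path ("tree/tree/.../name") is accumulated in a 32-bit integer, long names or deep nesting wrap that counter, and a heap buffer sized from the wrapped value is too small for the bytes copied in afterwards. The C below is an added, constructed model of that pattern beside a hardened version; it is not Git's revision.c code, the function names are hypothetical, and an unsigned counter stands in for the flawed signed int so the wrap is well-defined.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the bug class, not Git's own code. Each path component
 * needs len + 1 bytes (for its '/' or the final NUL). Summing that in a 32-bit
 * counter wraps once names are long enough or trees are nested deeply enough,
 * so a buffer allocated from the wrapped value is too small for the later copy.
 * Lengths are passed as numbers so the wrap is visible without 4 GiB of input. */
unsigned int path_len_wrapping(const size_t *lens, size_t depth)
{
    unsigned int total = 0;
    for (size_t i = 0; i < depth; i++)
        total += (unsigned int)lens[i] + 1; /* wraps modulo 2^32 */
    return total;
}

/* Hardened: size_t accumulator, overflow checked before every add. Returns the
 * byte count including the terminator, or 0 if it cannot be represented. */
size_t path_len_checked(const size_t *lens, size_t depth)
{
    size_t total = 0;
    for (size_t i = 0; i < depth; i++) {
        if (lens[i] >= SIZE_MAX - total) return 0; /* total + len + 1 would wrap */
        total += lens[i] + 1;
    }
    return total;
}

/* Joins components with '/', sizing the buffer with the checked sum and also
 * refusing totals above INT_MAX (many string APIs still take int lengths). */
char *join_nested_path(const char *const *names, size_t depth)
{
    size_t total = 0, pos = 0;
    for (size_t i = 0; i < depth; i++) {
        size_t len = strlen(names[i]);
        if (len >= SIZE_MAX - total) return NULL; /* would wrap: refuse */
        total += len + 1;
    }
    if (depth == 0 || total > INT_MAX) return NULL;
    char *buf = malloc(total); /* caller frees */
    if (!buf) return NULL;
    for (size_t i = 0; i < depth; i++) {
        size_t len = strlen(names[i]);
        memcpy(buf + pos, names[i], len);
        pos += len;
        buf[pos++] = (i + 1 < depth) ? '/' : '\0'; /* exactly fills total */
    }
    return buf;
}
```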