漏洞类别:Local
漏洞等级: 
漏洞信息
Apple Xcode is a development application for Macintosh OS X.
A vulnerable version of Xcode was found on the target host.
The update resolves the following issues.
- An attacker may be able to bypass access restrictions through the Apache API.
- An attacker may be able to access restricted parts of the filesystem through the node.js send module.
- Multiple vulnerabilities in OpenSSL.
- Connections to Xcode Server may have been made without encryption.
- Build notifications may be sent to unintended recipients.
- Multiple vulnerabilities existed in svn versions prior to 1.7.19
漏洞危害
Successfully exploiting this vulnerability could allow an attacker to cause a denial of service condition or execute arbitrary code on the targeted host.
解决方案
Apple Xcode v7.0 has been released to address these issues.
The update can be downloaded and installed via Apple Developer.
Refer to Apple Security Update APPLE-SA-2015-09-16-2 for more information on these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论