[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] APPLE-SA-09-26-2023-6 Xcode 15
From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists ! org>
Date: 2023-09-26 21:31:09
Message-ID: BA8B8A37-EF43-4D50-AE9C-9BD7334E1E24 () lists ! apple ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-09-26-2023-6 Xcode 15
Xcode 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213939.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Dev Tools
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2023-32396: Mickey Jin (@patch1t)
GPU Drivers
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40391: Antonio Zekic (@antoniozekic) of Dataflow Security
iTMSTransporter
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to access App Store credentials
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-40435: James Duffy (mangoSecure)
Xcode 15 may be obtained from:
https://developer.apple.com/xcode/downloads/ To check that the Xcode
has been updated: * Select Xcode in the menu bar * Select About
Xcode * The version after applying this update will be "Xcode 15".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUTSJgACgkQX+5d1TXa
IvrnUhAAnpI05QaADKuxrzNT8qK0AnI99sCvI1G+nRpN7FhvwAnBmMSiKPBNmpLb
o79j75mhDYSJiojeiBR+YJBFWZUoeKWcaa4TnXWfM8CndzqAnzf7wdAoXjOsv7Li
+e701hE3f2tsMIMhcHszvC//gVzCZotrLKCGn4bxGP4E7x4lkjj5IB9a4XxAVsgr
OoDignacVkUmrys1nuqyWIsLDk1rAYvikqA03SmG2mRhTp86O6BhyJNHRfftEfmH
ppD3kFlihLPUGwvqOULoNnxCkL1vlk9qt0VPQxDHZsEq6hW4/RqrHGBErDeAImhI
0m8jOQ9raP8vAxT8tp4r86HQZBs6RDBsX8J8EwerUfW6eCoO0QRsWt9/JTbPHpxW
MPIndWwwucJ/bC4nchOUKs3LzkRXZrmtuevvt4Z4A1pbhOYqPCojT+X/JD/7qtEm
A/vJAO+75p8uJWn/BCF1sTzX68qMRoJUnHtOYjwgGzYZ7fg4oQVv8oIIzfxqZxiE
pM6FdVbxbpvnpleTRvaqpjRLRb5LI8rqlMhiyRboItSmbGuAvaKgeT/9LJlA2wxA
VWiw4lSgYJ5JvxfrsidvWtJYen7RJYyo/HiIAT1OETBIdFFSmxr5ZQvHKojmi4En
R5z/7L6G5Xry7VE47tKbEGC3IeeojM9mjvDkpQoOfHfvoNbj1pw=
=OVwh
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic