Home / mailings APPLE-SA-2019-9-26-7 Xcode 11.0
Posted on 26 September 2019
Apple Security-announceAPPLE-SA-2019-9-26-7 Xcode 11.0
Xcode 11.0 addresses the following:
IDE SCM
Available for: macOS Mojave 10.14.4 and later
Impact: Multiple issues in libssh2
Description: Multiple issues were addressed by updating to version
2.16.
CVE-2019-3855: Chris Coulson
ld64
Available for: macOS Mojave 10.14.4 and later
Impact: Compiling code without proper input validation could lead to
arbitrary code execution with user privilege
Description: Multiple issues in ld64 in the Xcode toolchains were
addressed by updating to version ld64-507.4.
CVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team
CVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team
CVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team
CVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team
otool
Available for: macOS Mojave 10.14.4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team
CVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team
Installation note:
Xcode 11.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "11.0".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
