Home / mailings APPLE-SA-2019-12-10-7 Xcode 11.3
Posted on 11 December 2019
Apple Security-announceAPPLE-SA-2019-12-10-7 Xcode 11.3
Xcode 11.3 is now available and addresses the following:
ld64
Available for: macOS Mojave 10.14.4 and later
Impact: Compiling with untrusted sources may lead to arbitrary code
execution with user privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8840: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team
Additional recognition
Clang
We would like to acknowledge an anonymous researcher for their
assistance.
Installation note:
Xcode 11.3 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
