Home / mailingsPDF  

APPLE-SA-09-15-2025-12 Xcode 26

Posted on 16 September 2025
Apple Security-announce

APPLE-SA-09-15-2025-12 Xcode 26

Xcode 26 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125117.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Dev Tools
Available for: macOS Sequoia 15.6 and later
Impact: Processing an overly large path value may crash a process
Description: A path handling issue was addressed with improved
validation.
CVE-2025-43370: Nathaniel Oh (@calysteon)

Dev Tools
Available for: macOS Sequoia 15.6 and later
Impact: Processing an overly large path value may crash a process
Description: The issue was addressed with improved checks.
CVE-2025-43375: Nathaniel Oh (@calysteon)

Git
Available for: macOS Sequoia 15.6 and later
Impact: Cloning a maliciously crafted repository may result in remote
code execution
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-48384

IDE CoreML
Available for: macOS Sequoia 15.6 and later
Impact: An app may be able to read and write files outside of its
sandbox
Description: The issue was addressed with improved checks.
CVE-2025-43263: Mickey Jin (@patch1t)

Xcode
Available for: macOS Sequoia 15.6 and later
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2025-43371: Mickey Jin (@patch1t)

Additional recognition

Playgrounds
We would like to acknowledge Wojciech Regula of SecuRing
(wojciechregula.blog) for their assistance.

Xcode 26 may be obtained from:
https://developer.apple.com/xcode/downloads/. To check that the Xcode
has been updated: * Select Xcode in the menu bar * Select About
Xcode * The version after applying this update will be "Xcode 26".

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 

TOP

Mailings :

Exploits :