Home / mailings APPLE-SA-03-24-2026-10 Xcode 26.4
Posted on 25 March 2026
Apple Security-announceAPPLE-SA-03-24-2026-10 Xcode 26.4
Xcode 26.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126801.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
otool
Available for: macOS Tahoe 26.2 and later
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2026-28890: Nathaniel Oh (@calysteon)
Simulator
Available for: macOS Tahoe 26.2 and later
Impact: An app may be able to read arbitrary files as root
Description: A permissions issue was addressed with additional
restrictions.
CVE-2026-28889: Mihai Marin
Additional recognition
Dev Tools
We would like to acknowledge Nathaniel Oh (@calysteon) for their
assistance.
otool
We would like to acknowledge Eddy T for their assistance.
Swift
We would like to acknowledge Banavath Aravind for their assistance.
Xcode 26.4 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 26.4".
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
