Home / mailings APPLE-SA-2013-09-18-3 Xcode 5.0
Posted on 18 September 2013
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-09-18-3 Xcode 5.0
Xcode 5.0 is now available and addresses the following:
Git
Available for: OS X Mountain Lion v10.8.4 or later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: When using the imap-send command, git did not verify
that the server hostname matched a domain name in the X.509
certificate, which allowed a man-in-the-middle attacker to spoof SSL
servers via an arbitrary valid certificate. This issue was addressed
by updating git to version 1.8.3.1.
CVE-ID
CVE-2013-0308
Xcode 5.0 is also available from the App Store. It is free to anyone
with OS X 10.8.x Mountain Lion and later.
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "5.0".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
