Menu
Apple patches vulnerable OS X Git version that put developers at risk

Apple patches vulnerable OS X Git version that put developers at risk

A month and a half later, Apple imports Git patches for critical remote code execution flaws

Apple has released a new version of its Xcode development tool in order to patch two critical vulnerabilities in the Git source code management client.

The Git vulnerabilities, CVE‑2016‑2324 and CVE‑2016‑2315, have been known since mid-March and can be exploited when cloning a repository with a specially crafted file structure. This allows attackers to execute malicious code on systems where such cloning operations were initiated.

Xcode is an integrated development environment (IDE) used by a large number of developers to write applications for OS X and iOS. It includes a package called the OS X Command Line Tools for Xcode that contains the open-source Git client.

The version of Git shipped with the command line tools package has now been updated to 2.7.4. This version was released by the Git developers on March 17, but it took Apple a month and a half to integrate into Xcode.

Some systems administrators criticized Apple last month for dragging its feet on importing the upstream patches for such serious flaws. In the absence of a fix, they had to resort to hackery in order to disable Git on Macs in their organizations, potentially breaking workflows.

The Command Line Tools package is not installed by default on OS X, but users can install it separately from Xcode itself. Systems who have it installed should receive an update notification through the Mac App Store.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments