Apple patches vulnerable OS X Git version that put developers at risk

A month and a half later, Apple imports Git patches for critical remote code execution flaws

Apple has released a new version of its Xcode development tool in order to patch two critical vulnerabilities in the Git source code management client.

The Git vulnerabilities, CVE‑2016‑2324 and CVE‑2016‑2315, have been known since mid-March and can be exploited when cloning a repository with a specially crafted file structure. This allows attackers to execute malicious code on systems where such cloning operations were initiated.

Xcode is an integrated development environment (IDE) used by a large number of developers to write applications for OS X and iOS. It includes a package called the OS X Command Line Tools for Xcode that contains the open-source Git client.

The version of Git shipped with the command line tools package has now been updated to 2.7.4. This version was released by the Git developers on March 17, but it took Apple a month and a half to integrate it into Xcode.

Some systems administrators criticized Apple last month for dragging its feet on importing the upstream patches for such serious flaws. In the absence of a fix, they had to resort to hackery in order to disable Git on Macs in their organizations, potentially breaking workflows.

The Command Line Tools package is not installed by default on OS X, but users can install it separately from Xcode itself. Systems that have it installed should receive an update notification through the Mac App Store.
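For administrators auditing Macs against the fixed release named above, the following is an added example (not from the article or from Apple) that classifies a `git --version` line against 2.7.4. It assumes any version older than 2.7.4 is unpatched and ignores possible vendor backports; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Fixed Git release named in the article.
FIXED_VERSION="2.7.4"

# Extract the dotted version from a `git --version` line.
# Anything after the number (e.g. a vendor suffix in parentheses) is ignored.
parse_git_version() {
    printf '%s\n' "$1" | sed -n 's/^git version \([0-9][0-9.]*\).*$/\1/p'
}

# Return 0 if version $1 is older than version $2.
# Fields are compared numerically, so 2.10.1 is newer than 2.7.4.
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Classify one `git --version` line: prints vulnerable, patched or unknown.
classify_git() {
    v=$(parse_git_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Constructed sample lines (not captured from real hosts).
for line in "git version 2.6.4 (Apple Git-63)" \
            "git version 2.7.4 (Apple Git-66)" \
            "git version 2.10.1"; do
    printf '%s -> %s\n' "$line" "$(classify_git "$line")"
done
```

On a live host, pass the real output instead of a sample line: `classify_git "$(git --version)"`.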

