Apple Rolls Out Xcode Update Patching Git Vulnerabilities


This week, Apple released a security update for the Xcode macOS development environment to address three Git vulnerabilities, one of which allowed for arbitrary code execution. By leveraging particular variables in configuration files they created in a malicious .git directory, an attacker might execute arbitrary commands on a shared system.

The first problem, CVE-2022-29187, is a variation of CVE-2022-24765, a fault affecting users on multi-user machines where “a malicious actor might build a .git directory in a shared location above a victim’s current working directory.”
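
The condition described above can be audited on a shared machine. The following is an added example, not code from Apple, Git or the original article: it walks upward from a working directory, as Git does when it looks for a repository, and reports any `.git` entry, or the directory holding it, that is owned by someone other than the current user. The function name and its `trusted_uid` and `ceiling` parameters are hypothetical.

```python
import os
from pathlib import Path


def find_untrusted_git_dirs(start, trusted_uid=None, ceiling=None):
    """Return (path, owner_uid) for every .git entry found at or above
    `start`, and for the directory containing it, whose owner is not
    `trusted_uid`. The walk stops before examining `ceiling`, if given.
    Hypothetical helper for illustration; this is not Git's own check."""
    if trusted_uid is None:
        trusted_uid = os.geteuid()
    stop = Path(ceiling).resolve() if ceiling is not None else None
    findings = []
    current = Path(start).resolve()
    for directory in [current, *current.parents]:
        if stop is not None and directory == stop:
            break
        candidate = directory / ".git"
        # lexists: a .git that is a file or a dangling symlink still counts.
        if not os.path.lexists(candidate):
            continue
        for path in (directory, candidate):
            # lstat: report the owner of the entry itself, not a link target.
            owner = os.lstat(path).st_uid
            if owner != trusted_uid:
                findings.append((str(path), owner))
    return findings


if __name__ == "__main__":
    for path, owner in find_untrusted_git_dirs(os.getcwd()):
        print(f"not owned by current user (uid {owner}): {path}")
```
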