803 matches found
CVE-2015-5910
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-5909
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery...
Design/Logic Flaw
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery...
Code injection
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-5910
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-5909
CVE-2015-5909 affects the IDE Xcode Server component of Apple Xcode prior to 7.0. The root cause is insufficient access restriction on repository email lists, allowing a remote, unauthenticated attacker to obtain potentially sensitive build information via incorrect notification delivery. Impact ...
CVE-2015-5910
Apple Xcode IDE Xcode Server prior to version 7.0 is affected by CVE-2015-5910: server traffic is transmitted in cleartext, allowing remote attackers to sniff sensitive information. Affected product: IDE Xcode Server within Apple Xcode. Root cause: unencrypted server communications. Impact: poten...
CVE-2015-5909
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery...
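Backdoor caused by developing apps with Xcode obtained from unofficial channels (XcodeGhost)
Capturing the HTTP requests of the affected apps gives the result shown in the figure below: data is sent by POST to http://init.icloud-analysis.com, and this URL is exactly the one reported as being used to maliciously collect user information. In addition, the XcodeGhost virus can forge pop-up dialogs on non-jailbroken iPhones for phishing; the dialogs it generates are highly realistic and hard to tell apart, so users who have previously entered their iTunes password should change it as soon as possible. Partial list of affected apps: WeChat iOS (微信) - 6.2.5, 12306 - 2.12, Didi Chuxing (滴滴出行) - 4.0.0.6, Didi Dache (滴滴打车) - 3.9.7, Amap (高德地图) - 7.3.8, Tonghuashun (同花顺) -...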
Apple OS X Yosemite IDE Xcode Server Encryption Issue Vulnerability
OS X Yosemite is the new generation of Mac operating system and IDE Xcode Server is an integrated development tool. The IDE Xcode Server in OS X Yosemite has a cryptographic issue vulnerability that can be exploited by an attacker to access the traffic Xcode Server...
Apple Releases Security Updates for OS X Server, iTunes, Xcode, and iOS
Apple has released security updates for OS X Server, iTunes, Xcode, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: OS X Server v5.0.3 for OS X Yosemite v10.10....
OS X Install.framework suid Helper Privilege Escalation Vulnerability
Exploit for macOS platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=314 The private Install.framework has a few helper executables in /System/Library/PrivateFrameworks/Install.framework/Resources, one of which is suid root: -rwsr-sr-x ...
Apple Mac OSX - Install.framework suid Helper Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=314 The private Install.framework has a few helper executables in /System/Library/PrivateFrameworks/Install.framework/Resources, one of which is suid root: -rwsr-sr-x 1 root wheel 113K Oct 1 2014 runner Taking a look at i...
APPLE-SA-2015-04-08-5 Xcode 6.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-04-08-5 Xcode 6.3 Xcode 6.3 is now available and addresses the following: Clang Available for: OS X Mavericks v10.9.4 or later Impact: An attacker may be able to bypass stack guards Description: A register allocation issue existed in...
Apple Xcode LLVM CLANG stack-guard security protection bypass vulnerability
Apple Xcode is a programming software developed by Apple and is the quickest way for developers to build OS X and iOS applications. A security vulnerability exists in the Apple Xcode LLVM CLANG stack-guard, which allows an attacker to bypass the stack-protection mechanism and execute malicious co...
Apple Xcode Swift Integer Overflow Vulnerability
Apple Xcode is a set of integrated development environments provided to developers by Apple, Inc. that are primarily used to develop applications for Mac OS X and iOS. Swift is a programming language used to develop Mac OS X and iOS applications. An integer overflow vulnerability exists in the...
CVE-2015-3027
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program...
Sql injection
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program...
UBUNTU-CVE-2015-3027
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program...
CVE-2015-1149
Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion...