APPLE-SA-11-03-2025-9 Xcode 26.1
Apple发布Xcode 26.1更新,修复GNU和lldb组件中的安全漏洞。 GNU模块存在堆溢出风险,可能导致恶意文件攻击;lldb模块有缓冲区溢出问题,可能引发拒绝服务攻击。 更新已发布,可通过指定链接下载并验证版本信息。 2025-11-7 13:44:52 Author: seclists.org(查看原文) 阅读量:9 收藏
Apple发布Xcode 26.1更新,修复GNU和lldb组件中的安全漏洞。 GNU模块存在堆溢出风险,可能导致恶意文件攻击;lldb模块有缓冲区溢出问题,可能引发拒绝服务攻击。 更新已发布,可通过指定链接下载并验证版本信息。 2025-11-7 13:44:52 Author: seclists.org(查看原文) 阅读量:9 收藏
Full Disclosure mailing list archives
From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Mon, 03 Nov 2025 17:35:45 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-11-03-2025-9 Xcode 26.1 Xcode 26.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125641. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. GNU Available for: macOS Sequoia 15.6 and later Impact: Processing a maliciously crafted file may lead to heap corruption Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2025-43505: Nathaniel Oh (@calysteon) lldb Available for: macOS Sequoia 15.6 and later Impact: A user in a privileged network position may be able to cause a denial-of-service Description: A buffer overflow was addressed with improved bounds checking. CVE-2025-43504: Nathaniel Oh (@calysteon) Xcode 26.1 may be obtained from: https://developer.apple.com/xcode/downloads/. To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 26.1". All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmkJTf4ACgkQ4Ifiq8DH 7PW4Lg//Uh2XAlBJDaLyrM+ZBiY4pi1/axxGtD/si573Mx94+yCThTAMUBPN8f+G OfxtLzfiKscw/NDnZY6Y2jiO6E3MCFVoMAhWVYBP72jtJtM1AhlD5RTLinqClJ6N A23DgTzvNx49F4TJZbNZeGgbZueUjJECGZV3DzbnZ8lZamXpqyJaFHx2JSe45AXO b1aJGR33LJeOQ/AqjuYPrbUQZMuzt8++4LN1GyZtv7BomfuMuuWizGA68mWUsj4h Pi4vjdMfGGzdjTEtFuy+vcSp/b/uaaDq1f5RpzE6c89NLlhk2e+0l03RlGSqnHjo H2w/mMwuQXU9Czs/uptlSvW4DLMmDuLROqDvywoeiyIhG7GfOq4B0fcsJA5n7Qmn oM3N7BDSkrddDznLA7FHDJCrRpF7LPtSCEDMH9xLeYuqetPKJH3YpsqMof537CWb QJIHuP6pqrNsCibySu34kpPgZxby1EYIXw81R5vy4hosnp6MDNXXo5aFz2sKag/M Pufdit/9+ZpBIiu7bY/rlQxdcehguTwMNrjECGEk5cP2h9YVWq6l4tzc2u1K/yjC dovQ+PGCTCuLc0uqCymDGlTj4hd/PgASLyZeH2X+y3zCy9c/ZEiNxP0qkKX9Q7pa gpkg0t69YJPU1gKMnGOfUdq00Y++SRgg6FP4n/UNLwIt5kSpHvE= =X7ne -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- APPLE-SA-11-03-2025-9 Xcode 26.1 Apple Product Security via Fulldisclosure (Nov 07)
文章来源: https://seclists.org/fulldisclosure/2025/Nov/10
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh