APPLE-SA-03-24-2026-10 Xcode 26.4
嗯,用户让我帮忙总结一下这篇文章的内容,控制在100个字以内,而且不需要用“文章内容总结”之类的开头。首先,我需要仔细阅读这篇文章,理解它的主要内容。 看起来这篇文章是关于苹果的安全更新公告,特别是Xcode 26.4版本。里面提到了两个主要的安全问题:一个是otool组件的越界读取漏洞,另一个是Simulator的权限问题。这两个漏洞都可能被恶意应用利用,导致系统崩溃或读取任意文件。 然后,文章还提到了CVE编号和发现漏洞的研究人员。此外,苹果提供了更新链接和检查更新的方法,并且用PGP签名来确保信息的可信度。 现在我要把这些信息浓缩到100字以内。首先说明Xcode 26.4修复了两个安全漏洞:otool的越界读取和Simulator的权限问题。然后提到CVE编号和研究人员,最后说明如何获取更新和验证签名。 这样应该能全面覆盖主要内容,同时符合用户的字数要求。 </think> Apple发布Xcode 26.4修复两个安全漏洞:otool组件越界读取可能导致系统崩溃,Simulator权限问题可能被用于读取任意文件为root。 CVE编号分别为2026-28890和2026-28889,修复版本可通过开发者官网下载,并可通过菜单栏检查更新。 2026-3-29 03:11:13 Author: seclists.org(查看原文) 阅读量:4 收藏
嗯,用户让我帮忙总结一下这篇文章的内容,控制在100个字以内,而且不需要用“文章内容总结”之类的开头。首先,我需要仔细阅读这篇文章,理解它的主要内容。 看起来这篇文章是关于苹果的安全更新公告,特别是Xcode 26.4版本。里面提到了两个主要的安全问题:一个是otool组件的越界读取漏洞,另一个是Simulator的权限问题。这两个漏洞都可能被恶意应用利用,导致系统崩溃或读取任意文件。 然后,文章还提到了CVE编号和发现漏洞的研究人员。此外,苹果提供了更新链接和检查更新的方法,并且用PGP签名来确保信息的可信度。 现在我要把这些信息浓缩到100字以内。首先说明Xcode 26.4修复了两个安全漏洞:otool的越界读取和Simulator的权限问题。然后提到CVE编号和研究人员,最后说明如何获取更新和验证签名。 这样应该能全面覆盖主要内容,同时符合用户的字数要求。 </think> Apple发布Xcode 26.4修复两个安全漏洞:otool组件越界读取可能导致系统崩溃,Simulator权限问题可能被用于读取任意文件为root。 CVE编号分别为2026-28890和2026-28889,修复版本可通过开发者官网下载,并可通过菜单栏检查更新。 2026-3-29 03:11:13 Author: seclists.org(查看原文) 阅读量:4 收藏
Full Disclosure mailing list archives
From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 24 Mar 2026 17:06:07 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-03-24-2026-10 Xcode 26.4 Xcode 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126801. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. otool Available for: macOS Tahoe 26.2 and later Impact: An app may be able to cause unexpected system termination Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2026-28890: Nathaniel Oh (@calysteon) Simulator Available for: macOS Tahoe 26.2 and later Impact: An app may be able to read arbitrary files as root Description: A permissions issue was addressed with additional restrictions. CVE-2026-28889: Mihai Marin Additional recognition Dev Tools We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance. otool We would like to acknowledge Eddy T for their assistance. Swift We would like to acknowledge Banavath Aravind for their assistance. Xcode 26.4 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 26.4". All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmnDI48ACgkQ4Ifiq8DH 7PUtRg/+K3DU37tAHl9h/wfU7fO6J/I8YhzMGU6tcLK4b/9UG/16/qOwIUVLd9ML mCrEQY3hevwMyA+ki0HRmE0aiNTtGiFlpxNxhsyo3p6QDMXR4xyPjyFFdOcjUfKI kDHTg0NoCZWi63+hpGHhP3emCAr9/rDnOwtbUDrl57UaCc05HPydZ40ggNxz9S2/ wh6ZrXPKlQHDBYQcmRV1TkqcdpyCJqNNIG2N+SBH489easlDXfQf5AS1Go3otDbU MwviuKhN4DDPbcV+SXVJjJR/NQzmWFO5RuFvjkFTh/Z7Xi9HQY1Ytkekwl/LfNDw OdC1aMu7CxKe4ZmC3fcOEOoriVDXVqORm3fmu1h5e9q/aJgJJy/0Rsu6hvec0yqJ SJOv+oVAlQalZF23XYDm71vM0GdFS6jXkjAcDyeUIgK4a1xSNCln0fH/TEW4V+2f plLWU8xirJ2vB+DO8+E6+Kg9WYDr63a8Tr0sNV0J42SwSbk3FLvsStEIgFIcm6HI 9SOyFWp3Jc8bFBmuOjiXFn9IBtkX6FT6TSWdDCIisdeilIcXHLRNa6Iljzn2kGqP LmdGIbsSlggvy9thXIQ/t0ri2CL22aV6vV1Qjl1UW/i/vTtBA75ydroiyUhvo+If dbSuto6QwxoTbULDd+lyHgRmJ4irQcOsJerFDI0k7Ju03n0hvdQ= =YITA -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- APPLE-SA-03-24-2026-10 Xcode 26.4 Apple Product Security via Fulldisclosure (Mar 28)
文章来源: https://seclists.org/fulldisclosure/2026/Mar/25
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh