Apple Xcode < 7.2 Multiple Vulnerabilities (Mac OS X)
Critical Nessus Plugin ID 87737
SynopsisThe remote Mac OS X host has an application installed that is affected by multiple vulnerabilities.
DescriptionThe version of Apple Xcode installed on the remote Mac OS X host is prior to 7.2. It is, therefore, affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist due to a flaw in the otools component that is triggered when handling Mach-O files. A remote attacker can exploit these vulnerabilities to execute arbitrary code. (CVE-2015-7049, CVE-2015-7057)
- A flaw exists in the IDE SCM due to the .gitignore directive not being honored. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2015-7056)
- A remote code execution vulnerability exists due to a flaw in git-remote-ext that is triggered when handling a specially crafted URL. An unauthenticated, remote attacker can exploit this to execute arbitrary code.
SolutionUpgrade to Apple Xcode version 7.2 or later.