Apple Xcode < 7.3.1 Multiple RCE (Mac OS X)
Critical Nessus Plugin ID 91262
Synopsis
An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.

Description
The version of Apple Xcode installed on the remote Mac OS X host is prior to 7.3.1. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Git due to overflow conditions in the path_name() function in revision.c that are triggered when pushing or cloning a repository with a large filename or containing a large number of nested trees. A remote attacker can exploit these issues to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.

Solution
Upgrade to Apple Xcode version 7.3.1 or later.