Apple has released a security update for Xcode 14.1 with fixes for multiple vulnerabilities.
A remote attacker could exploit these vulnerabilities to take control of an unpatched device.
The Apple Xcode 14.1 security update fixes the following four vulnerabilities:
- CVE-2022-29187: Git (Multiple issues in git)
- CVE-2022-39253: Git (Cloning a malicious repository may result in the disclosure of sensitive information)
- CVE-2022-39260: Git (A remote user may cause an unexpected app termination or arbitrary code execution if git shell is allowed as a login shell)
- CVE-2022-42797: IDE Xcode Server (An app may be able to gain root privileges).
No known public exploits in the wild were reported by Apple at the time of the advisory published on November 1, 2022. The update is available for macOS Monterey 12.5 and later.
Just over a week ago, Apple also released new macOS Ventura 13, along with security updates for Apple iOS 16.1, iOS 15.7, macOS Monterey 12.6.1, macOS Big Sur 11.7.1, Safari 16.1, tvOS 16.1, and watchOS 9.1. One zero-day iOS vulnerability CVE-2022-42827 was also fixed.
Readers can check out Apple’s Security Updates page for more details on the latest Apple updates.
- Apple releases new macOS Ventura 13, along with security updates for iOS zero-day and multiple Apple products
- Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days)
- Apple patches vulnerabilities in iOS 16, iOS 15.7, macOS Monterey 12.6, Big Sur 11.7 and other products