APPLE-SA-2006-05-23 Xcode Tools 2.3

• Subject: APPLE-SA-2006-05-23 Xcode Tools 2.3
• From: Apple Product Security <email@hidden>
• Date: Tue, 23 May 2006 14:53:38 -0700
• Delivered-to: email@hidden
• Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2006-05-23 Xcode Tools 2.3

Xcode Tools 2.3 is now available.  Along with functionality
improvements (see release notes), it also fixes the following
security issue:

WebObjects
CVE-ID:  CVE-2006-1466
Available for:  Mac OS X v10.4 and later
Impact:  If you install WebObjects developer tools, remote
attackers may be able to obtain or modify WebObjects projects
while Xcode is running
Description:  The WebObjects Xcode plug-in provides the ability
to manipulate projects through a network service. This service
is accessible to remote systems while Xcode is running. This
update addresses the issue by limiting this service to the local
system. This issue does not affect default installations of
Xcode Tools. Only systems with the WebObjects plug-in installed
are affected. Credit to Mike Schrag of mDimension Technology
for reporting this issue.

Xcode Tools 2.3 may be obtained from:
http://developer.apple.com/tools/download/

The download file is named:  "xcode_2.3_8m1780_oz693620813.dmg"
Its SHA-1 digest is:  aa768c0fb979eeb11c29f177f68c763fab14ea3f

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRHN0x4mzP5/bU5rtAQiQWAgAxi6ZaXuDsUe193U7AMZ6QXvjfsHm8ZiW
QgTKmZz9kGzriS1nlepxSkNkCe5yWYLkrJ5qNQb7DTj1Gya+7clMHdWX/2fY56eS
PLQ0V3K/0bhRO5qvpQGjeOFX77gxmhYtphWH3X+HhYPEzjVkWc6+11tyvwqGtP52
DJvDbytpqVlmlaGkKGQ5b2PhdlzZEuiqKNtzVvn0EN/1vM7/Ic93YAGkkn19K2Uh
Jv4KhPWoj+52cL92Pp4GdjtRcdXr0Iw3rxtBW5/BU8XNat44+qmR9gm9hvZL6O84
aacs6vRHa29xekwn+VK56DpIrA96LlafzFWDE6TJFKp31Z2nAb5g2Q==
=DWIH
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/email@hidden

• Prev by Date: APPLE-SA-2006-05-11 Security Update 2006-003
• Previous by thread: APPLE-SA-2006-05-11 Security Update 2006-003
• Index(es):
  • Date
  • Thread