site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2006-05-23 Xcode Tools 2.3 Xcode Tools 2.3 is now available. Along with functionality improvements (see release notes), it also fixes the following security issue: WebObjects CVE-ID: CVE-2006-1466 Available for: Mac OS X v10.4 and later Impact: If you install WebObjects developer tools, remote attackers may be able to obtain or modify WebObjects projects while Xcode is running Description: The WebObjects Xcode plug-in provides the ability to manipulate projects through a network service. This service is accessible to remote systems while Xcode is running. This update addresses the issue by limiting this service to the local system. This issue does not affect default installations of Xcode Tools. Only systems with the WebObjects plug-in installed are affected. Credit to Mike Schrag of mDimension Technology for reporting this issue. Xcode Tools 2.3 may be obtained from: http://developer.apple.com/tools/download/ The download file is named: "xcode_2.3_8m1780_oz693620813.dmg" Its SHA-1 digest is: aa768c0fb979eeb11c29f177f68c763fab14ea3f Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQEVAwUBRHN0x4mzP5/bU5rtAQiQWAgAxi6ZaXuDsUe193U7AMZ6QXvjfsHm8ZiW QgTKmZz9kGzriS1nlepxSkNkCe5yWYLkrJ5qNQb7DTj1Gya+7clMHdWX/2fY56eS PLQ0V3K/0bhRO5qvpQGjeOFX77gxmhYtphWH3X+HhYPEzjVkWc6+11tyvwqGtP52 DJvDbytpqVlmlaGkKGQ5b2PhdlzZEuiqKNtzVvn0EN/1vM7/Ic93YAGkkn19K2Uh Jv4KhPWoj+52cL92Pp4GdjtRcdXr0Iw3rxtBW5/BU8XNat44+qmR9gm9hvZL6O84 aacs6vRHa29xekwn+VK56DpIrA96LlafzFWDE6TJFKp31Z2nAb5g2Q== =DWIH -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com