• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
APPLE-SA-2022-03-14-7 Xcode 13.3
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2022-03-14-7 Xcode 13.3

  • Subject: APPLE-SA-2022-03-14-7 Xcode 13.3
  • From: Apple Product Security via Security-announce <email@hidden>
  • Date: Mon, 14 Mar 2022 17:13:11 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-03-14-7 Xcode 13.3

Xcode 13.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213189.

iTMSTransporter
Available for: macOS Monterey 12 and later
Impact: Multiple issues in iTMSTransporter
Description: Multiple issues were addressed with updating FasterXML
jackson-databind and Apache Log4j2.
CVE-2019-14379
CVE-2021-44228

otool
Available for: macOS Monterey 12 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22601: hjy79425575
CVE-2022-22602: hjy79425575
CVE-2022-22603: hjy79425575
CVE-2022-22604: hjy79425575
CVE-2022-22605: hjy79425575
CVE-2022-22606: hjy79425575
CVE-2022-22607: hjy79425575
CVE-2022-22608: hjy79425575

Additional recognition

iTMSTransporter
We would like to acknowledge Anthony Shaw of Microsoft for their
assistance.

ld64
We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of Alibaba
Security Pandora Lab for their assistance.

Xcode IDE
We would like to acknowledge an anonymous researcher for their
assistance.

Xcode 13.3 may be obtained from:
https://developer.apple.com/xcode/downloads/  To check that the Xcode
has been updated:  * Select Xcode in the menu bar * Select About
Xcode * The version after applying this update will be "Xcode 13.3".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxkACgkQeC9qKD1p
rhgTfRAA389W9ZYj+RMeet6hyBYIeftGEUGKTwm4K5Ufo4RJTumsdRB+ivJz8Oed
EFCRcyWHwnM5BZ+ufWnOf1BAijmd1SjlIUwl2zs9SyuULPMybucXKRMfnA2SYgEx
ysNlljwsnS7/udREPfMQoJ2gIGYrISt0TxitZnRE9a7mD3r13KwyY3DpjnOxRavL
op5AypLkovUA4ljmsLMgIjTHWt4dyDMPCJB/sRchxBDG5tzxcAZvKA/TkvCDMwiF
z3yq4yN4ESXo3p9p3KD4bQmGD16dZ7TuxKuCfZpVKT1bFP8wWAHUhY3S7vJ9GDS+
6cShJ1oIk4/3FFeo98SEgKn8wE1p15DM4DxaqVcWvPuLNpzipQlcmyuicgntZBmO
2wBZED2pfewMiMy+CeX0jDWj6m79cW3g30TYS0P5QQOcWcRme63acE4wJ31uawd2
6jZfYpnpvw6dSsouBcCcZT9sNOuV8r9l5XePJQu37UGjmZuESuLgfZdiymaQunOl
f/mPe+C+KgBJ3MEEqbEoU4CqWC/pGtQtyMpepyYdiN14pDLhbhaeJ1T/XDc5O4OB
qqNyHocYAm1LUBgEspbHa1EtHQlDk1i5iWGwQMMaLkenKGzlf00bU0hYPISXH8oi
am4a0XUz6Y7AjY+TyRU/tuwaIiuzoUIDNELsJPm7PA+QiF370XI=
=cKC5
-----END PGP SIGNATURE-----
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: APPLE-SA-2022-03-14-6 Security Update 2022-003 Catalina
  • Next by Date: APPLE-SA-2022-03-14-8 Logic Pro X 10.7.3
  • Previous by thread: APPLE-SA-2022-03-14-6 Security Update 2022-003 Catalina
  • Next by thread: APPLE-SA-2022-03-14-8 Logic Pro X 10.7.3
  • Index(es):
    • Date
    • Thread