APPLE-SA-09-15-2025-12 Xcode 26
APPLE-SA-09-15-2025-12 Xcode 26
- Subject: APPLE-SA-09-15-2025-12 Xcode 26
- From: Apple Product Security via Security-announce <email@hidden>
- Date: Mon, 15 Sep 2025 16:38:13 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-09-15-2025-12 Xcode 26
Xcode 26 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125117.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Dev Tools
Available for: macOS Sequoia 15.6 and later
Impact: Processing an overly large path value may crash a process
Description: A path handling issue was addressed with improved
validation.
CVE-2025-43370: Nathaniel Oh (@calysteon)
Dev Tools
Available for: macOS Sequoia 15.6 and later
Impact: Processing an overly large path value may crash a process
Description: The issue was addressed with improved checks.
CVE-2025-43375: Nathaniel Oh (@calysteon)
Git
Available for: macOS Sequoia 15.6 and later
Impact: Cloning a maliciously crafted repository may result in remote
code execution
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-48384
IDE CoreML
Available for: macOS Sequoia 15.6 and later
Impact: An app may be able to read and write files outside of its
sandbox
Description: The issue was addressed with improved checks.
CVE-2025-43263: Mickey Jin (@patch1t)
Xcode
Available for: macOS Sequoia 15.6 and later
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2025-43371: Mickey Jin (@patch1t)
Additional recognition
Playgrounds
We would like to acknowledge Wojciech Regula of SecuRing
(wojciechregula.blog) for their assistance.
Xcode 26 may be obtained from:
https://developer.apple.com/xcode/downloads/. To check that the Xcode
has been updated: * Select Xcode in the menu bar * Select About
Xcode * The version after applying this update will be "Xcode 26".
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmjInQgACgkQ4Ifiq8DH
7PVaEA//TRXJnXHFbkQn4dObasnHUTx5zJRyDmyJNAn9DoYiyxrcaWZZKiI9BjGr
uslUeFCFMrKYU93mVQQEWKbovNOGYE0F74a1wEFzqBQjR5NAVTHYZwHg//sLmZ9X
KjXetJQTkMEGUBgCoCNq5kaVojnwCYchTIJUQQLm60TY547gp4iMR9QFzN2glJ8j
DVapQdtkXJuh37rQ3u+4fxk6BpX6CoFFa2etvN6QVS+luhPanzv1XDQ1iqNcCPjv
6OV1GcbJuhuw0HVag9ZfTzqdh0MpXNqZ4rmn7TDX7S1mJKCQJw7C7GCb0NYsXSQG
XZes61/sdzZgjV9ZBjG1tqxyg+A6TO+4Qpzc71QhwO9DK4CI/lKfQkxoxb68Rvn9
U8V5AKKgFBKDIexU2B/kyftdCyYLj2daZX9kSA9DrLoneEe12APViyWeX0orTR06
pdIzCnctIK6zoFFvB/G0zQBzrYzRvEZOZxgjg9urHSeg2sQdMU1rfntDHbya/kz3
ttyDzwcNAK9IaKdS9+JRQqvtQZ/fJX6aaOAqyGNyCI8yC4Lhs6iSuEm+3WG1fkri
jecHdFKVPs5o+6Ao4epICtr4tE9i+i69zXCGOAm0rxrCkiwibsEoEUCW+n7+iyBq
0LdH9awqTf4vVV1X0yY4Ssnm0uLgPUcCVd6dgDWNXo+z3mZ3++k=
=NVSo
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden