Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

APPLE-SA-2020-09-16-5 Xcode 12.0

Related Vulnerabilities: CVE-2020-9992  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="39"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#40">By Date</a>
<a href="41"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="39"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#40">By Thread</a>
<a href="41"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2020-09-16-5 Xcode 12.0</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Apple Product Security via Fulldisclosure &lt;fulldisclosure () seclists org&gt;


<em>Date</em>: Wed, 16 Sep 2020 14:56:14 -0700


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-09-16-5 Xcode 12.0

Xcode 12.0 is now available and addresses the following:

IDE Device Support
Available for: macOS Mojave 10.15.4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen

Additional recognition

debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.

LLVM
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

Installation note:

Xcode 12.0 may be obtained from:

<a rel="nofollow" href="https://developer.apple.com/xcode/downloads/">https://developer.apple.com/xcode/downloads/</a>

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 12.0".
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igoYACgkQZcsbuWJ6
jjA17g//cPW08TA+cwO7nyipcSTcXdovOMGJYoIrrupmdtm9+7tbq+9qXNbcbCCU
/w8TpNXAfoJd1CD8mLzzDlZcmf2uVg+F8/0I4VkzGCp8Z4GusehXa36otdpHA4n1
53awpj656xP4C27BdYxQfkQyWp4VQNrTmIIbppvn9Ozdmx2OqqynTpxSrTApu79m
PZEBvNIlWkint7d1Fr9+GVqJh1FtOSjrH2mn9tblIUcjUEifVZtMEP8NbN0OD6JS
n6W3ivUAoRDS7jQjLUnkzQcYzXnA9iRRaHWq3VppC6k1sg8DFqqIC0trXr3PyzpG
Q1fvY7QqCqppomQ1jSSUH0+bPemu2R3QSj1w/tbB481JUfPUvklPZgBuSVIBOu67
dRC49HjUjqP9jLkrFI6rgN+O76DZeImy0o7cnjVhdessMTzT8s7Dbu8d/4ixKVTA
uLkqR/240hywZXHa2CLffAJQiUfPx7fXde1u7vx/v0tZreCq3w9ScBOmegovILSS
/cx0wT8Od/LZiPYZgGh5yGFBP99qrKIYfX9yzRSynBGDfee4dXbitFm/fUy65zg8
Yjz4eSIoZqCl9PrsW0lXqOyTs2ozrPA7jD+VwaC1ZHzn6RjMB9zTmasxOrEbZ/XK
cJ/xv6Fef/H7/k6HG8TCxOK5xvp+ZhAZkL90jW33jvSRr2ovSjo=
=FOfL
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="39"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#40">By Date</a>
<a href="41"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="39"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#40">By Thread</a>
<a href="41"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2020-09-16-5 Xcode 12.0</strong> <em>Apple Product Security via Fulldisclosure (Sep 18)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started