Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.3157 APPLE-SA-2021-09-20-4 Xcode 13 21 September 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Xcode Publisher: Apple Operating System: Mac OS Impact/Access: Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-20372 CVE-2018-16845 CVE-2018-16844 CVE-2018-16843 CVE-2017-7529 CVE-2016-0747 CVE-2016-0746 CVE-2016-0742 Reference: ESB-2021.0845 ESB-2020.4433 ESB-2020.2285 ESB-2020.1701 Original Bulletin: https://support.apple.com/HT212818 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-20-4 Xcode 13 Xcode 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212818. IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372 Installation note: Xcode 13 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 13". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI880ACgkQeC9qKD1p rhi5rxAAqgkRqhCrjfyYk3/mXQHkhqnIFVq0TH8wZgKheA2SrEeOHJJrtGTJkfeq u8oIhXNfKdp7Og62PfAkN4NFVvrZHsg2r5b0a6sJzZvHLYkXEw78zVaHEjLI+lyt +cO2D24ZhPXigJWe+v8eRwhmIajJ75n17adcyHgzMB8Q+bEHlVugK5fETZFXrkFA PsBDBE5bOJf1fVjr59i+SWV5xG/nKJIl9J0mV/1pQDbPhpWhhMIgTckn1RExH2xZ NArhNeSYkEQ2xDI8ZLb9v17+VMTeOQj3+1QPhjDzRizepL8sWLRD9Zxd74QohovY KDOvAgmt3hbD8XF3ZsQKtcJnIIIL+wCC9RWRtLt8V5kkAwdmSLiCbd3kej6CrXSK 333jEmnQIEO3wm7yYTZflOKXyrT74wPxCKtxV/FnWr/rL+gqSJgej0mnxcnuL875 p1nhbXFUOjJJsPhA38BNjFrxRG8ajGguhqVWEbrkoU4X+Zvj6IQpDPMsXvAq6GxW a/+oWGWtFQQ3MZN5++4QI14TPp8TK/RJQ64eg6hfICQ/OQnhhBHasWwaII7IH4OY LRVpruY42boHJoqR+mvouByjPQ61ybYdgoasuhnMvp5RhovXyor1tXQ0yqy9yz7a /YZ2sUStCuSNLK3MXBhGSXwGtLS02yDwBckTl9CmHvDU+T0YHrA= =4uM6 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYUlDaONLKJtyKPYoAQgIjg/+PpLnobFfxB9EdFjo11jP+zzHjnmLcq3p bbywnodnP8KFGVVnwPVMprCOKbdaCqZbZl4qGJx+t9Y0+OJKGMSVMm6vRUulPx8x 6iSzKyJlLPRq8jfNOGGRdi6DfS4gRB6Um097WJFCdKU9NqqjEf4+aJ6WBvY9qvhl r0inNGFAbjOtokw01mJqoJ59fhGCJTnQsBbvt8X0XSmQ1cfw5Q/W3rvnSJkbgEQy 7EolcW1T2JioHz0ZdKqk55wX1u9mXwzxLz3VwoLAxuwXqvM8Bp88rPXwuQc1+ijr LtS2YHmZI6M6JvRr8oNBPC8NFiu9jy+xKombf23OjyCehK67QJEbBrXmbJca9wEy zqz1Dv1Ly1UznUjqCu+8iCib2Q4ME3xZlHUcJvISIHKErb9Eu//BkAzDhtohpMH9 vpnXneCwftEN1/fAmuDZCj8aATztWvo8woM+cXCp3bKpH2uPLMtNluXfSaaDP9vT WssNLIe332/BOgkFvx1niQKphk1jycur0Rb8a35t1QwS69YDHCJFPJrapCy/S/+1 AfyBkD1vdrg2qe5WGDh3YVV3Y8cw/q/TPYddk1IODb/yMy0fzcgV8qjlx5H0KFTB ZoDXWT7HzT96yt59HVsnu4gDiXTm7LHpS5TCdQJZl6o4dF7FeFxaGoEVtnS7tykd O1fj56z7ndE= =LcY3 -----END PGP SIGNATURE-----