Apple Xcode

Recent Apple Xcode Security Advisories

| Advisory | Title | Published |
|---|---|---|
| HT212818 | Xcode 13 Security Content | September 20, 2021 |
| HT212320 | Xcode 12.5 Security Content | April 26, 2021 |
| HT212153 | Xcode 12.4 Security Content | January 26, 2021 |
| HT211848 | Xcode 12.0 Security Content | September 16, 2020 |
| HT211183 | Xcode 11.5 Security Content | May 20, 2020 |
| HT211141 | Xcode 11.4.1 Security Content | April 15, 2020 |
| HT211108 | Xcode 11.4 Security Content | March 24, 2020 |
| HT210796 | Xcode 11.3 Security Content | December 10, 2019 |
| HT210729 | Xcode 11.2 Security Content | October 31, 2019 |
| HT210609 | Xcode 11.0 Security Content | September 20, 2019 |

By the Year

In 2021 there has been 1 vulnerability in Apple Xcode, with an average score of 5.5 out of ten. Last year Xcode had 2 security vulnerabilities published. Right now, Xcode is on track to have fewer security vulnerabilities in 2021 than it did last year. Last year, the average CVE base score was greater by 3.30.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2021 | 1 | 5.50 |
| 2020 | 2 | 8.80 |
| 2019 | 9 | 8.24 |
| 2018 | 1 | 9.80 |

It may take a day or so for new Xcode vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apple Xcode Security Vulnerabilities

A path handling issue was addressed with improved validation

CVE-2021-1800 5.5 - Medium - April 02, 2021

A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode.

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7

CVE-2020-9992 7.8 - High - October 16, 2020

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network.

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case

CVE-2014-9390 9.8 - Critical - February 12, 2020

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.

Improper Input Validation

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4

CVE-2019-8721 8.8 - High - December 18, 2019

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

Improper Input Validation

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4

CVE-2019-8722 8.8 - High - December 18, 2019

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

Improper Input Validation

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4

CVE-2019-8723 8.8 - High - December 18, 2019

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

Improper Input Validation

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4

CVE-2019-8724 8.8 - High - December 18, 2019

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

Improper Input Validation

A memory corruption issue was addressed with improved state management

CVE-2019-8738 7.8 - High - December 18, 2019

A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.

Buffer Overflow

A memory corruption issue was addressed with improved state management

CVE-2019-8739 7.8 - High - December 18, 2019

A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.

Buffer Overflow

A memory corruption issue was addressed with improved validation

CVE-2019-8800 7.8 - High - December 18, 2019

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.

Buffer Overflow

A memory corruption issue was addressed with improved validation

CVE-2019-8806 7.8 - High - December 18, 2019

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.

Buffer Overflow

A memory corruption issue was addressed with improved input validation

CVE-2018-4357 7.8 - High - April 03, 2019

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10.

Buffer Overflow

An issue was discovered in certain Apple products

CVE-2018-4164 9.8 - Critical - April 03, 2018

An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component.

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider

CVE-2015-3185 - July 20, 2015

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

Permissions, Privileges, and Access Controls
