About the security content of Xcode 16

This document describes the security content of Xcode 16.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

Xcode 16

Released September 16, 2024

Git

Available for: macOS Sonoma 14.5 and later

Impact: Cloning a maliciously crafted repository may result in remote code execution

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

CVE-2024-32002

Entry added October 28, 2024

IDE Documentation

Available for: macOS Sonoma 14.5 and later

Impact: A malicious application may gain access to a user's Keychain items

Description: This issue was addressed by enabling hardened runtime.

CVE-2024-44162: Mickey Jin (@patch1t)

IDE Tools

Available for: macOS Sonoma 14.5 and later

Impact: An attacker may be able to determine the Apple ID of the owner of the computer

Description: A privacy issue was addressed by removing sensitive data.

CVE-2024-40862: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Kernel

Available for: macOS Sonoma 14.5 and later

Impact: An app may gain unauthorized access to Bluetooth

Description: This issue was addressed through improved state management.

CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

Playgrounds

Available for: macOS Sonoma 14.5 and later

Impact: An app may be able to inherit Xcode permissions and access user data

Description: This issue was addressed with improved permissions checking.

CVE-2024-44228: Wojciech Regula of SecuRing (wojciechregula.blog)

Entry added October 28, 2024

Additional recognition

Reality Composer Pro

We would like to acknowledge Ron Masas of BreakPoint.sh for their assistance.

Swift

We would like to acknowledge Banavath Aravind for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Ngày đăng: