var-201512-0155
Vulnerability from variot

IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern.

Apple Xcode is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition.

Apple Xcode is an integrated development environment provided by Apple to developers. It is mainly used to develop applications for Mac OS X and iOS. There is a security vulnerability in the IDE SCM of Apple Xcode 7.1.1 and earlier versions. The vulnerability stems from the fact that the program does not correctly identify the .gitignore file.

APPLE-SA-2015-12-08-6 Xcode 7.2

Xcode 7.2 is now available and addresses the following:

Git
Available for: OS X Yosemite v10.10.5 or later
Impact: Multiple vulnerabilities existed in Git
Description: Multiple vulnerabilities existed in Git versions prior to 2.5.4. These were addressed by updating Git to version 2.5.4.
CVE-ID
CVE-2015-7082

IDE SCM
Available for: OS X Yosemite v10.10.5 or later
Impact: Intentionally untracked files may be uploaded to repositories
Description: Xcode did not honor the .gitignore directive. This issue was addressed by adding support to honor .gitignore file.
CVE-ID
CVE-2015-7056 : Stephen Lardieri

otools
Available for: OS X Yosemite v10.10.5 or later
Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of mach-o files. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7049 : Proteas of Qihoo 360 Nirvan Team
CVE-2015-7057 : Proteas of Qihoo 360 Nirvan Team

Installation note:

Xcode 7.2 may be obtained from: https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

  • Select Xcode in the menu bar
  • Select About Xcode
  • The version after applying this update will be "7.2".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0155",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "xcode",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "xcode",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.2   (os x yosemite v10.10.5 or later )"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.5.3"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.5.2"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.5.1"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.5"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.2.1"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.2"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.1.4"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.1.3"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.1"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.0.5"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.0.4"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.0"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.9.5"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.9.4"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.9"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.8.56"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.7.2"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.6.3.2"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.66"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.65"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.66"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.65"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.6.4"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.6.3"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.6"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.56"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.55"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.5"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.47"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.46"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.5.24"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.1.5"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.1.4"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.8.5.5"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.8.5.0"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.8.1.4"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.8.1.3"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.8"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.7.3.4"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.7.3.3"
      },
      {
        "model": "git",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "git",
        "version": "1.4.4.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "git",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "git",
        "version": "2.5.4"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-345"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7056"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stephen Lardieri and Proteas of Qihoo 360 Nirvan Team",
    "sources": [
      {
        "db": "BID",
        "id": "78727"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-7056",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-7056",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-85017",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7056",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-345",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85017",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-345"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. Apple Xcode is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result  in a  denial-of-service condition. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. There is a security vulnerability in the IDE SCM of Apple Xcode 7.1.1 and earlier versions. The vulnerability stems from the fact that the program does not correctly identify the .gitignore file. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2015-12-08-6 Xcode 7.2\n\nXcode 7.2 is now available and addresses the following:\n\nGit\nAvailable for:  OS X Yosemite v10.10.5 or later\nImpact:  Multiple vulnerabilities existed in Git\nDescription:  Multiple vulnerabilities existed in Git versions prior\nto 2.5.4. These were addressed by updating Git to version 2.5.4. \nCVE-ID\nCVE-2015-7082\n\nIDE SCM\nAvailable for:  OS X Yosemite v10.10.5 or later\nImpact:  Intentionally untracked files may be uploaded to\nrepositories\nDescription:  Xcode did not honor the .gitignore directive. This\nissue was addressed by adding support to honor .gitignore file. \nCVE-ID\nCVE-2015-7056 : Stephen Lardieri\n\notools\nAvailable for:  OS X Yosemite v10.10.5 or later\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of mach-o files. These issues were addressed through\nimproved memory handling. 
\nCVE-ID\nCVE-2015-7049 : Proteas of Qihoo 360 Nirvan Team\nCVE-2015-7057 : Proteas of Qihoo 360 Nirvan Team\n\nInstallation note:\n\nXcode 7.2 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7056"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      },
      {
        "db": "BID",
        "id": "78727"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85017"
      },
      {
        "db": "PACKETSTORM",
        "id": "134747"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7056",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1034340",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU97526033",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006362",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-345",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "78727",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-85017",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134747",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85017"
      },
      {
        "db": "BID",
        "id": "78727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      },
      {
        "db": "PACKETSTORM",
        "id": "134747"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-345"
      }
    ]
  },
  "id": "VAR-201512-0155",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85017"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:41:02.993000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2015-12-08-6 Xcode 7.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00004.html"
      },
      {
        "title": "HT205642",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205642"
      },
      {
        "title": "HT205642",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205642"
      },
      {
        "title": "Apple Xcode IDE SCM Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59163"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-345"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7056"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205642"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034340"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7056"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97526033/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7056"
      },
      {
        "trust": 0.3,
        "url": "http://git.or.cz/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "https://developer.apple.com/xcode/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7057"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7082"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://developer.apple.com/xcode/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7049"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7056"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85017"
      },
      {
        "db": "BID",
        "id": "78727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      },
      {
        "db": "PACKETSTORM",
        "id": "134747"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-345"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85017"
      },
      {
        "db": "BID",
        "id": "78727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      },
      {
        "db": "PACKETSTORM",
        "id": "134747"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-345"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85017"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "BID",
        "id": "78727"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      },
      {
        "date": "2015-12-10T17:11:47",
        "db": "PACKETSTORM",
        "id": "134747"
      },
      {
        "date": "2015-12-11T11:59:22.070000",
        "db": "NVD",
        "id": "CVE-2015-7056"
      },
      {
        "date": "2015-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-345"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85017"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "BID",
        "id": "78727"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      },
      {
        "date": "2016-12-07T18:22:21.337000",
        "db": "NVD",
        "id": "CVE-2015-7056"
      },
      {
        "date": "2015-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-345"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-345"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Xcode of  IDE SCM Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006362"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-345"
      }
    ],
    "trust": 0.6
  }
}

