Apple developers – get this update to protect the rest of us! – Naked Security


Apple just pushed out an update to its widely used software development toolkit, Xcode.

New Xcode releases are pretty common immediately after updates to macOS or iOS, typically to provide official support and documentation for new programming features in the latest operating system versions.

The Xcode 11.2 release was a bit different, however, even though it followed closely on the heels of the recent macOS 10.15.1 and iOS 13.2.1 updates.

Xcode 11.2 comes with its own security advisory urging you to get (and then to verify that you have correctly installed) the new version, thanks to a pair of security flaws denoted CVE-2019-8800 and CVE-2019-8806.

These flaws are described in Apple’s typically perfunctory fashion in APPLE-SA-2019-11-01-1 (SA stands for security advisory):

Processing a maliciously crafted file may lead to arbitrary code execution.

In other words, it sounds as though the supposedly innocent task of just compiling, or building, a software project – something that’s supposed to be ‘mostly harmless’ – could inject malware onto your system.