=====================================================================
                            CERT-Renater

                 Information Note No. 2006/VULN275
_____________________________________________________________________

DATE                 : 24/05/2006

HARDWARE PLATFORM(S) : APPLE.

OPERATING SYSTEM(S)  : Mac OS X running Xcode Tools.

======================================================================

APPLE-SA-2006-05-23 Xcode Tools 2.3

Xcode Tools 2.3 is now available. Along with functionality improvements
(see release notes), it also fixes the following security issue:

WebObjects
CVE-ID: CVE-2006-1466
Available for: Mac OS X v10.4 and later
Impact: If you install WebObjects developer tools, remote attackers
may be able to obtain or modify WebObjects projects while Xcode is
running
Description: The WebObjects Xcode plug-in provides the ability to
manipulate projects through a network service. This service is
accessible to remote systems while Xcode is running. This update
addresses the issue by limiting this service to the local system.
This issue does not affect default installations of Xcode Tools.
Only systems with the WebObjects plug-in installed are affected.
Credit to Mike Schrag of mDimension Technology for reporting this
issue.
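
A check an administrator might run for the exposure described above, added here as an example and not part of Apple's or CERT-Renater's advisory: it filters `lsof -nP -iTCP -sTCP:LISTEN` output for listeners owned by one process that are bound to a non-loopback address. The process name `Xcode`, the function names and the sample lines (port numbers included) are constructed assumptions; the advisory does not state the service's port.

```shell
#!/bin/sh
# Added example: report TCP listeners of a given process that are
# reachable from other hosts (bound to anything except loopback).
# Live use on a Mac:  lsof -nP -iTCP -sTCP:LISTEN | find_exposed_listeners Xcode

# find_exposed_listeners PROCESS_NAME
# Reads lsof listener output on stdin, prints "PID ADDRESS:PORT" for
# each listener of PROCESS_NAME not bound to 127.0.0.0/8 or ::1.
find_exposed_listeners() {
    awk -v proc="$1" '
        $1 == "COMMAND"   { next }   # lsof header line
        $1 != proc        { next }   # other processes
        $NF != "(LISTEN)" { next }   # only listening sockets
        {
            addr = $(NF - 1)         # e.g. *:49200, 127.0.0.1:49201, [::1]:49202
            host = addr
            sub(/:[0-9]+$/, "", host)            # drop the trailing :port
            if (host ~ /^127\./ || host == "[::1]")
                next                             # loopback only: local system
            print $2, addr                       # wildcard or routable address
        }
    '
}

# Constructed sample input (not captured from a real system).
sample_lsof_output() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Xcode     412 dev    23u  IPv4 0x3a1f      0t0  TCP *:49200 (LISTEN)
Xcode     412 dev    24u  IPv4 0x3a20      0t0  TCP 127.0.0.1:49201 (LISTEN)
cupsd      88 root    5u  IPv6 0x3b00      0t0  TCP [::1]:631 (LISTEN)
Xcode     412 dev    25u  IPv6 0x3a21      0t0  TCP [::1]:49202 (LISTEN)
Xcode     412 dev    26u  IPv4 0x3a22      0t0  TCP 192.0.2.10:49203 (LISTEN)
EOF
}

# Run against the constructed sample.
sample_lsof_output | find_exposed_listeners Xcode
```

An empty result for the process means every listener it owns is limited to the local system, which is the state the update is described as enforcing.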

Xcode Tools 2.3 may be obtained from:
http://developer.apple.com/tools/download/

The download file is named: "xcode_2.3_8m1780_oz693620813.dmg"
Its SHA-1 digest is: aa768c0fb979eeb11c29f177f68c763fab14ea3f

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          |    tel : 01-53-94-20-44       +
+ 151 bd de l'Hopital   |    fax : 01-53-94-20-41       +
+ 75013 Paris           |  email: certsvp@renater.fr    +
=========================================================