====================================================================

                               CERT-Renater

                    Note d'Information No. 2016/VULN129
_____________________________________________________________________

DATE                : 22/03/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Mac OS X running Xcode version prior to 7.3.

======================================================================
http://prod.lists.apple.com/archives/security-announce/2016/Mar/msg00003.html
_____________________________________________________________________

APPLE-SA-2016-03-21-4 Xcode 7.3

Xcode 7.3 is now available and addresses the following:

otool
Available for:  OS X El Capitan v10.11 and later
Impact:  A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes
(@squiffy)

subversion
Available for:  OS X El Capitan v10.11 and later
Impact:  A malicious server may be able to execute arbitrary code
Description:  Multiple vulnerabilities existed in subversion versions
prior to 1.7.21, the most serious of which may have led to remote
code execution. These were addressed by updating subversion to
version 1.7.22.
CVE-ID
CVE-2015-3184 : C. Michael Pilato, CollabNet
CVE-2015-3187 : C. Michael Pilato, CollabNet

Xcode 7.0 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.3".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================