=====================================================================

                               CERT-Renater

                     Note d'Information No. 2023/VULN357

_____________________________________________________________________

DATE                : 28/09/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Xcode versions prior to 15.

=====================================================================
https://lists.apple.com/archives/security-announce/2023/Sep/msg00018.html
_____________________________________________________________________

APPLE-SA-09-26-2023-6 Xcode 15

Xcode 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213939.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Dev Tools
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2023-32396: Mickey Jin (@patch1t)

GPU Drivers
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40391: Antonio Zekic (@antoniozekic) of Dataflow Security

iTMSTransporter
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to access App Store credentials
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-40435: James Duffy (mangoSecure)

Xcode 15 may be obtained from:
https://developer.apple.com/xcode/downloads/  To check that the Xcode
has been updated:  * Select Xcode in the menu bar * Select About
Xcode * The version after applying this update will be "Xcode 15".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================