![]() ![]() ![]() The issue exists because of Git’s behavior when performing local clones and can be exploited by tricking a victim into cloning a repository that contains a symbolic link pointing at sensitive information on the victim’s system. ![]() Now rolling out to macOS Monterey 12.5 and later as version 14.1, the latest Xcode iteration also resolves CVE-2022-39253, a security defect that could lead to information leaks. With the latest version of Xcode, Apple updated Git to version 2.32.3, which resolves ‘multiple issues’. “An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository,” the vulnerability’s description reads. git directory and, by using specific variables, could achieve arbitrary command execution on the shared machine. git directory in a shared location above a victim’s current working directory.”Īn attacker could exploit the flaw to create configuration files in the malicious. The first of the issues, CVE-2022-29187, is a variant of CVE-2022-24765, a bug impacting users on multi-user machines, where “a malicious actor could create a. Apple this week announced a security update for the Xcode macOS development environment, to resolve three Git vulnerabilities, including one leading to arbitrary code execution. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |