This repository has been archived by the owner on Feb 2, 2023. It is now read-only.
Apple latest Xcode 13.2 #96
Assignees
Labels
need info
This issue or pull request requires further information
Comments
|
Please provide a public statement or advisory directly addressing the issue with the software named. Thank you |
|
I am sorry I can’t do that as I am not responsible for this software. I
have reported this issue to Apple but to my knowledge they have not made a
public announcement about this.
…On Fri, Dec 17, 2021 at 4:21 PM iainDe ***@***.***> wrote:
Please provide a public statement or advisory directly addressing the
issue with the software named. Thank you
—
Reply to this email directly, view it on GitHub
<#96 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AECUW5PNKICQFMYANJQJQRLUROSUBANCNFSM5KEEYY5A>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Thank you for the update. We will be looking for the announcement when a public statement is made |
|
Thank you. This is the closest I have found to an official acknowledgment.
It is an answer by an Apple engineer.
https://developer.apple.com/forums/thread/696785
Hi, the Xcode team is aware of this issue. We don’t usually give ETAs for
when a bug will be fixed, but the team is aware that this is a security
concern.
Posted 16 hours ago by
Graphics and Games Engineer
…On Fri, Dec 17, 2021 at 5:47 PM iainDe ***@***.***> wrote:
Thank you for the update. We will be looking for the announcement when a
public statement is made
—
Reply to this email directly, view it on GitHub
<#96 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AECUW5L6Z5MRFFMME6UUFQDURO4ZBANCNFSM5KEEYY5A>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
iainDe
added
the
need info
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Submission Template
Please provide the following information.
Vendor Name - Apple
Product Name - Xcode
Version(s) affected - at least the latest, 13.2
Status: Unknown.
Update Available: No
Notes: Xcode.app contains vulnerable Log4j versions embedded
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar/System/Volumes/Data/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jarReferences
[2021-12-15 16:34:42.246016] VULNERABLE: /System/Volumes/Data/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar -> org/apache/logging/log4j/core/net/JndiManager.class [04fdd701809d17465c17c7e603b1b202: log4j 2.9.0 - 2.11.2] [2021-12-15 16:35:53.674575] VULNERABLE: /Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar -> org/apache/logging/log4j/core/net/JndiManager.class [04fdd701809d17465c17c7e603b1b202: log4j 2.9.0 - 2.11.2] [2021-12-15 16:36:05.671575] Finished scan, elapsed time: 225.25 secondsLast Updated: 12/15/2021 12:00 EST
The text was updated successfully, but these errors were encountered: