Nearly a month after the Git vulnerabilities CVE-2016-2324 and CVE-2016-2315 were made clear to Apple, they have finally been fixed. To the frustration of some, the patched version of Git was released on March 17th but was not incorporated into Xcode by Apple until about 6 weeks later. Apple released a new version of its Xcode development tool this past week in order to patch the two critical vulnerabilities in the Git source code management client. The Git vulnerabilities allow attackers to execute malicious code on systems that initiated cloning operations.
Xcode is an integrated development environment that developers use to write applications for OS X and iOS. Xcode includes a package called the OS X Command Line Tools for Xcode, which contained the vulnerable Git. Now that it has been updated to version 2.7.4, the Git shipped with the Command Line Tools package should be back in working order. System administrators and researchers alike criticized Apple for its lack of timely attention to the patches. Left in the dark and without a patch for 6 weeks, many were forced to resort to hacking in order to disable Git on company Mac machines, which is not exactly the ideal solution to the problem. When it takes Apple a month and a half to implement the fix, sometimes hackery is the only viable answer.
For more detail on the information presented in this blog post, please visit: Computer World – Apple Patches