-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-9-26-7 Xcode 11.0 Xcode 11.0 addresses the following: IDE SCM Available for: macOS Mojave 10.14.4 and later Impact: Multiple issues in libssh2 Description: Multiple issues were addressed by updating to version 2.16. CVE-2019-3855: Chris Coulson ld64 Available for: macOS Mojave 10.14.4 and later Impact: Compiling code without proper input validation could lead to arbitrary code execution with user privilege Description: Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. CVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team otool Available for: macOS Mojave 10.14.4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team CVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team Installation note: Xcode 11.0 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "11.0". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2NDI4ACgkQBz4uGe3y 0M3yBg//WnHzKci0fwo78s/jomFP1EcSVj8FQ5T3ycwITMK01X5WDyZUHJw4rHJH l3NaJLFkjXXovzBl0aQzGHoRvOiYoMJeBCaZeix3dafLdA+6whZ8VREie4ncY31y EI0KoPxBxocLu0WaMUmEatDJsGqQWWFy0Q4LGGmDyOIXnrRqWJrLE7Qmm6IvOr1Q ViDpLeWzymHaAQiiXnpUR9nDvpCEA5irlbKzvmfA55FLzUYdh1RBJUjrsR+JcUJ0 IewyJD6FpFMzpOImQJ22oBArN++Fag6KjlmTDbmL1O2uCHbl1x71ZhOPBRhgWFkP X3nXTYFLGM22SWzOjBn8el05AAfOmkuISP9219HEXfbAYZliTQw37L2VlZ86nCn2 A3F258d8m1UAOh7NGvsDN4WUQ/QD4PQ0OUPSzQtztMXHZwoSiF92fw6epCkH10dV xb28tXuv4eI3aI2ncgf5fClOwsC6/IFeheTfimsL+6ccro2C1IiJvcMnBH7HBZ+9 k4Z414NOKlUsbhTX+8lcLKKzpN/WxppmyN01fIdwO2anu1IRXOI2D3TvRKFI+pkr u4u/ohjf8lmCgoDPyAa4YDmiYu9I5qMb/CmLwwhdYjX2NeUBSEPb3Ctga6jwP6RH /3kg2VAgACUG+nR08itzvCMwCzkILfiCSy6D9EkPed5aoPGIrP4= =9Hep -----END PGP SIGNATURE-----