Outdated version of Git exposes developers with Macs to security risks

Outdated version of Git exposes developers with Macs to security risks

As part of the resources offered by the Xcode to developers of apps for OS X and iOS, Apple supports Git, one of the most popular source code managers today in which hundreds of thousands of individuals and companies work daily. He was recently targeted by security researchers, who found vulnerabilities that could allow full control of a computer on which he installed.

The flaws found allow a malicious user to exploit a memory bug, by hosting a repository with huge branching of directories that can be cloned by developers on their local machines. The bug in question was found until Git version 2.7.0, the most recent until the publication of this article, 2.8.1, was released in early April.

Back of Git on OS X

The problem, in the case of developers working with Xcode, is that the standard version of Git is currently installed with the command line tools in OS X to 2.6.4. It is even possible to update Git in parallel (either manually or using package managers maintained by third parties), but Apple's tools depend on the standard installation, which is within the Xcode.app itself in the application directory.

The way, for Ma developers who depend on Xcode, wait until a new stable version contains an update for Git. In version 7.3.1, which entered intoGM seed on April 19, unfortunately there are no changes to the manager build.

(via rachelbythebay)