Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Apple Xcode Vendors:   Apple
Apple Xcode Tools Grants Remote Access to WebObjects Projects
SecurityTracker Alert ID:  1016143
SecurityTracker URL:
CVE Reference:   CVE-2006-1466   (Links to External Site)
Updated:  Nov 1 2006
Original Entry Date:  May 23 2006
Impact:   Disclosure of user information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.3
Description:   A vulnerability was reported in Xcode Tools. A remote user may be able to view or modify WebObjects projects on the target system.

The WebObjects Xcode plug-in allows a remote user to manipulate projects through a network service. A remote user can connect to the service to view or modify projects.

Systems with the WebObjects plug-in installed are affected.

Apple credits Mike Schrag of mDimension Technology with reporting this vulnerability.

Impact:   A remote user can view or modify WebObjects projects.
Solution:   The vendor has issued a fixed version (2.3), available at:

The download file is named: "xcode_2.3_8m1780_oz693620813.dmg"
Its SHA-1 digest is: aa768c0fb979eeb11c29f177f68c763fab14ea3f

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X)

Message History:   None.

 Source Message Contents

Subject:  APPLE-SA-2006-05-23 Xcode Tools 2.3

Hash: SHA256

APPLE-SA-2006-05-23 Xcode Tools 2.3

Xcode Tools 2.3 is now available.  Along with functionality
improvements (see release notes), it also fixes the following
security issue:

CVE-ID:  CVE-2006-1466
Available for:  Mac OS X v10.4 and later
Impact:  If you install WebObjects developer tools, remote
attackers may be able to obtain or modify WebObjects projects
while Xcode is running
Description:  The WebObjects Xcode plug-in provides the ability
to manipulate projects through a network service. This service
is accessible to remote systems while Xcode is running. This
update addresses the issue by limiting this service to the local
system. This issue does not affect default installations of
Xcode Tools. Only systems with the WebObjects plug-in installed
are affected. Credit to Mike Schrag of mDimension Technology
for reporting this issue.

Xcode Tools 2.3 may be obtained from:

The download file is named:  "xcode_2.3_8m1780_oz693620813.dmg"
Its SHA-1 digest is:  aa768c0fb979eeb11c29f177f68c763fab14ea3f

Information will also be posted to the Apple Product Security
web site:

This message is signed with Apple's Product Security PGP key,
and details are available at:

Version: PGP Desktop 9.0.6 (Build 6060)


Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC