This document describes the security content of Xcode Tools 2.3, which can be downloaded and installed from the Apple Developer Connection.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
WebObjects
CVE-ID: CVE-2006-1466
Available for: Mac OS X v10.4 and later
Impact: If you install WebObjects developer tools, remote attackers may be able to obtain or modify WebObjects projects while Xcode is running
Description: The WebObjects Xcode plug-in provides the ability to manipulate projects through a network service. This service is accessible to remote systems while Xcode is running. This update addresses the issue by limiting this service to the local system. This issue does not affect default installations of Xcode Tools. Only systems with the WebObjects plug-in installed are affected. Credit to Mike Schrag of mDimension Technology for reporting this issue.