For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.

Apple security documents reference vulnerabilities by CVE-ID when possible.

Xcode 9

Released September 19, 2017

Git

Available for: macOS Sierra 10.12.6 or later

Impact: Checking out a maliciously crafted repository may lead to arbitrary code execution

Description: An ssh:// URL scheme handling issue was addressed through improved input validation.

CVE-2017-1000117

ld64

Available for: macOS Sierra 10.12.6 or later

Impact: Parsing a maliciously crafted Mach-O file may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-7076, CVE-2017-7134, CVE-2017-7135, CVE-2017-7136, CVE-2017-7137: riusksk (泉哥) of Tencent Security Platform Department

subversion

Available for: macOS Sierra 10.12.6 or later

Impact: Checking out a maliciously crafted repository may lead to arbitrary code execution

Description: An input validation issue was addressed through improved input validation.

CVE-2017-9800

Additional recognition

Swift Package Manager

We would like to acknowledge Vincent Esche for their assistance.

CPENameOperatorVersion
macos sierraeq10.12.6
xcodelt9

CPE	Name	Operator	Version
	macos sierra	eq	10.12.6
	xcode	lt	9

nessus 46

openvas 29

apple 1

myhack58 1

hackerone 1

debian 6

freebsd 2

prion 10

nvd 11

cve 11

cvelist 10

archlinux 3

suse 4

ubuntu 1

fedora 4

osv 10

alpinelinux 2

centos 3

redhat 3

oraclelinux 3

amazon 2

ubuntucve 4

packetstorm 1

redhatcve 4

debiancve 5

gentoo 2

metasploit 1

cloudfoundry 1

checkpoint_advisories 2

veracode 3

slackware 2

mageia 2

ibm 2

f5 1

seebug 1

zdt 1

github 1

exploitdb 1

atlassian 2

nessus

Apple Xcode < 9.0 Multiple RCE (macOS)

2017-09-20 00:00:00

FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871)

2017-08-14 00:00:00

Debian DLA-1072-1 : mercurial security update

2017-09-01 00:00:00

openvas

Apple Xcode Code Execution or Denial of Service Vulnerabilities

2017-11-03 00:00:00

Debian: Security Advisory (DLA-1072-1)

2018-02-06 00:00:00

Ubuntu: Security Advisory (USN-3387-1)

2017-08-11 00:00:00

apple

About the security content of Xcode 9

2017-09-19 00:00:00

myhack58

More mainstream version control system was traced to the presence of the client arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

2017-08-11 00:00:00

hackerone

Internet Bug Bounty: RCE via ssh:// URIs in multiple VCS

2017-08-14 20:53:18

debian

[SECURITY] [DLA 1072-1] mercurial security update

2017-08-31 11:57:25

[SECURITY] [DSA 3934-1] git security update

2017-08-10 19:05:06

[SECURITY] [DLA 1144-1] git-annex security update

2017-10-27 15:29:08

freebsd

Mercurial -- multiple vulnerabilities

2017-08-10 00:00:00

subversion -- Arbitrary code execution vulnerability

2017-08-10 00:00:00

prion

Memory corruption

2017-10-23 01:29:00

Memory corruption

2017-10-23 01:29:00

Memory corruption

2017-10-23 01:29:00

nvd

CVE-2017-7136

2017-10-23 01:29:13

CVE-2017-7137

2017-10-23 01:29:13

CVE-2017-7135

2017-10-23 01:29:13

cve

CVE-2017-7135

2017-10-23 01:29:13

CVE-2017-7136

2017-10-23 01:29:13

CVE-2017-7076

2017-10-23 01:29:11

cvelist

CVE-2017-7136

2017-10-23 01:00:00

CVE-2017-7137

2017-10-23 01:00:00

CVE-2017-7134

2017-10-23 01:00:00

archlinux

[ASA-201708-7] mercurial: multiple issues

2017-08-12 00:00:00

[ASA-201708-6] git: arbitrary command execution

2017-08-12 00:00:00

[ASA-201708-14] subversion: arbitrary command execution

2017-08-15 00:00:00

suse

Security update for git (important)

2017-08-17 00:08:53

Security update for git (important)

2017-08-21 18:07:57

Security update for git (important)

2017-09-01 03:10:54

ubuntu

Git vulnerability

2017-08-11 00:00:00

fedora

[SECURITY] Fedora 25 Update: git-2.9.5-1.fc25

2017-08-14 00:56:27

[SECURITY] Fedora 26 Update: git-2.13.5-1.fc26

2017-08-13 20:56:31

[SECURITY] Fedora 26 Update: subversion-1.9.7-1.fc26

2017-08-14 21:55:00

osv

CVE-2017-1000117

2017-10-05 01:29:04

git - security update

2017-08-27 00:00:00

git - security update

2017-08-10 00:00:00

alpinelinux

CVE-2017-1000117

2017-10-05 01:29:04

CVE-2017-9800

2017-08-11 21:29:00

centos

emacs, git, gitk, gitweb, perl security update

2017-08-17 10:26:34

emacs, git, gitk, gitweb, perl security update

2017-08-24 09:43:50

mod_dav_svn, subversion security update

2017-08-24 09:44:09

redhat

(RHSA-2017:2485) Important: git security update

2017-08-16 21:46:48

(RHSA-2017:2484) Important: git security update

2017-08-16 21:46:19

(RHSA-2017:2480) Important: subversion security update

2017-08-15 18:41:13

oraclelinux

git security update

2017-08-17 00:00:00

git security update

2017-08-16 00:00:00

subversion security update

2017-08-15 00:00:00

amazon

Important: git

2017-08-31 16:00:00

Important: subversion, mod_dav_svn

2017-08-31 16:11:00

ubuntucve

CVE-2017-1000117

2017-08-10 00:00:00

CVE-2017-12976

2017-08-20 00:00:00

CVE-2017-9800

2017-08-10 00:00:00

packetstorm

Malicious GIT HTTP Server

2017-08-30 00:00:00

redhatcve

CVE-2017-1000117

2021-03-20 20:53:20

CVE-2017-9800

2017-08-10 18:48:21

CVE-2017-16228

2017-11-03 14:19:26

debiancve

CVE-2017-1000117

2017-10-05 01:29:04

CVE-2017-12976

2017-08-20 20:29:00

CVE-2017-9800

2017-08-11 21:29:00

gentoo

Git: Command injection

2017-09-17 00:00:00

Subversion: Arbitrary code execution

2017-09-17 00:00:00

metasploit

Malicious Git HTTP Server For CVE-2017-1000117

2017-08-13 03:47:44

cloudfoundry

USN-3387-1: Git vulnerability | Cloud Foundry

2017-08-17 00:00:00

checkpoint_advisories

Git ssh URL Processing Command Execution (CVE-2017-1000117)

2018-05-02 00:00:00

Apache Subversion svn-ssh URL Command Execution (CVE-2017-9800)

2017-08-29 00:00:00

veracode

Remote Code Execution (RCE)

2019-01-15 09:18:24

Privilege Escalation

2020-05-10 23:25:43

Arbitrary Command Execution

2017-10-30 00:47:04

slackware

[slackware-security] git

2017-08-11 23:10:53

[slackware-security] subversion

2017-08-11 23:11:38

mageia

Updated git packages fix security vulnerability

2017-08-14 01:19:29

Updated subversion packages fix security vulnerability

2017-08-17 00:10:57

ibm

Security Bulletin: A vulnerability in subversion affects PowerKVM

2018-06-18 01:38:34

Security Bulletin: IBM QRadar Network Security is affected by vulnerability in subversion (CVE-2017-9800)

2018-06-16 22:03:31

K45625134 : Apache Subversion vulnerability CVE-2017-9800

2017-08-29 00:00:00

seebug

Apache Subversion Remote Command Execution Vulnerability(CVE-2017-9800)

2017-08-16 00:00:00

zdt

Apache Subversion Arbitrary Code Execution Vulnerability

2017-08-14 00:00:00

github

Dulwich RCE Vulnerability

2022-05-13 01:44:04

exploitdb

Git < 2.7.5 - Command Injection (Metasploit)

2017-08-31 00:00:00

atlassian

Argument injection in the download commit resource through the at parameter - CVE-2017-18087

2018-02-02 00:11:43

Argument injection in the download commit resource through the at parameter - CVE-2017-18087

2018-02-02 00:11:43

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.552 Medium

EPSS

Percentile

97.7%

JSON

Related for APPLE:HT208103