
XCode vulnerable to the log4j exploit


Ian McCall

Dec 14, 2021, 3:50:28 AM
ian@Ians-MBP ~ % sudo find / -name "*log4j*" -type f -print |tee /tmp/t.txt

/Applications/Xcode.app/Contents/Developer/usr/share/xcs/xcsd/node_modules/nano/node_modules/follow/browser/log4js.js
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.slf4j-impl-2.11.2.jar
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.jcl-2.11.2.jar
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.api-2.11.2.jar
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/com.apple.transporter.log4j2-1.0.0.jar

Needs to be 2.15 or less than 2.0 to be clean. That’s...not a good look,
releasing a new version of your development platform with a major
vulnerability in it, four days after it was found. Should have been delayed
and fixed.

Cheers,
Ian.
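
Added example, not part of the original post: a POSIX shell triage of `find` output like the listing above. It separates the log4j core jar (where the JNDI lookup code ships) from other name matches and applies the version rule stated in the post, flagging 2.x below 2.15. The function names and verdict labels are assumptions made for this example, and the sample input is constructed from paths in the post.

```shell
#!/bin/sh
# Added example: triage `find / -name "*log4j*"` hits by artifact and version.
# Rule taken from the post: a 2.x core jar below 2.15 is flagged.

classify_path() {            # prints "<verdict> <path>"
    path=$1
    file=${path##*/}
    case $file in
        log4j-core-[0-9]*.jar|org.apache.logging.log4j.core-[0-9]*.jar) ;;
        *.jar) echo "other-artifact $path"; return 0 ;;   # api, bridges, wrappers
        *)     echo "not-a-jar $path"; return 0 ;;        # e.g. log4js.js
    esac
    ver=${file%.jar}; ver=${ver##*core-}      # e.g. "2.11.2"
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) echo "unknown-version $path"; return 0 ;;
    esac
    major=${ver%%.*}                          # "2"
    rest=${ver#*.}                            # "11.2"
    minor=${rest%%[!0-9]*}                    # "11"
    case $major in ''|*[!0-9]*) echo "unknown-version $path"; return 0 ;; esac
    case $minor in '') echo "unknown-version $path"; return 0 ;; esac
    if [ "$major" -eq 2 ] && [ "$minor" -lt 15 ]; then
        echo "flagged $path"
    else
        echo "ok $path"
    fi
}

triage() {                   # reads one path per line on stdin
    while IFS= read -r p; do
        [ -n "$p" ] && classify_path "$p"
    done
    return 0
}

sample_paths() {             # constructed input: four of the paths from the post
    x=/Applications/Xcode.app/Contents
    b=$x/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles
    printf '%s\n' \
        "$x/Developer/usr/share/xcs/xcsd/node_modules/nano/node_modules/follow/browser/log4js.js" \
        "$b/org.apache.logging.log4j.core-2.11.2.jar" \
        "$b/org.apache.logging.log4j.api-2.11.2.jar" \
        "$b/com.apple.transporter.log4j2-1.0.0.jar"
}

sample_paths | triage
```

On a real machine, pipe the saved listing in instead of the sample: `triage < /tmp/t.txt`.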


Ian McCall

Dec 16, 2021, 8:16:11 AM
On 15 Dec 2021, Alan B wrote
(in article<spd097$9ej$1...@alanrichardbarker.eternal-september.org>):

> My M1 Mac tried to auto update Xcode to 13.2 but borked so after a few hours
> waiting for it to complete I gave up. The only way to get out of the situation
> was to press the Xcode icon in Launchpad and click the x for delete which of
> course really did delete the Xcode app from /Applications. Reading around this
> update issue seems to be quite common. I might try to download the full Xcode
> app in a day or two but I'd rather get into the Christmas spirit ;-)

Apparently the actual App Store version they released is bugged as
well. <https://www.macrumors.com/2021/12/14/xcode-13-2-bug/>

To quote from the Hitchhiker’s series:
“You see Zaphod, when I think about what you’re doing with your life I
find the phrase ‘pigs ear’ coming to mind”...

Cheers,
Ian

