Apple on Friday patched two known critical vulnerabilities in its Xcode development tool that were concerned with the Git source code management client portion of the program.
For unknown reasons, Apple waited seven weeks to update the version of Git shipping with the command-line tools in Xcode to v2.7.4, released by Git developers on March 17 to address the vulnerabilities.
The flaw, now corrected, could allow for cloning a repository with a specially-crafted file structure, giving attackers a chance to execute malicious code on systems where cloning operations were initiated.
The Command Line Tools package is not installed by default on OS X, but users have the option of installing it, and in some cases were forc
