Apple has rolled out a security update aimed at addressing three Git flaws within its Xcode macOS development environment, SecurityWeek reports.
Threat actors could exploit the first vulnerability, tracked as CVE-2022-29187, which is a variant of CVE-2022-24765, to facilitate configuration file creation within a malicious .git directory and enable the execution of arbitrary commands.
"An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository," said Apple, which noted that all Git versions before 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 are affected. Also fixed in the update is CVE-2022-39253, which could be leveraged to allow information leaks.
Apple's latest security update also addresses CVE-2022-39260, which could be abused for arbitrary code execution, and CVE-2022-42797, which could be exploited to obtain root privileges.
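The fixed-release list quoted above for CVE-2022-29187 can be turned into a quick check of a host's Git version. The following is an added example, not code from Apple or the Git project; the function names are hypothetical and the sample version strings in the comments are constructed.

```python
import re
import subprocess

# First fixed patch level per maintenance branch, taken from the
# version list quoted in the article for CVE-2022-29187.
FIXED = {(2, 30): 5, (2, 31): 4, (2, 32): 3, (2, 33): 4,
         (2, 34): 4, (2, 35): 4, (2, 36): 2, (2, 37): 1}


def parse_git_version(text):
    """Extract (major, minor, patch) from `git --version` output.

    Handles vendor suffixes, e.g. the constructed sample
    'git version 2.32.1 (Apple Git-133)'.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(version_text):
    """True if the upstream version number predates the listed fixes."""
    major, minor, patch = parse_git_version(version_text)
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Branches older than 2.30 have no fixed release in the list;
    # branches newer than 2.37 are later than every affected version.
    return branch < min(FIXED)


def local_git_affected():
    """Run the check against the git binary on PATH."""
    out = subprocess.run(["git", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return is_affected(out)


if __name__ == "__main__":
    # Assumption: a vendor build may carry backported fixes under an older
    # number, so a True result means "check the vendor advisory".
    print("affected by version number:", local_git_affected())
```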