Apple released Xcode 2.5 on Tuesday evening to address security related issues in the Mac OS X 10.4 and 10.5 application development environment. The update patches security flaws relating to files that contain Tektronix Hex Format data, and the demo version of Xcode WebObjects.
Xcode 2.5 patches a flaw where processing a file with maliciously crafted TekHex content could lead to arbitrary code execution or unexpected application termination. It also corrects a problem where the demo version of WebObjects could allow an unprivileged local user to gain system privileges. Both of these flaws impact Mac OS X 10.4 and Mac OS X 10.5.
Xcode 2.5 is free, and available for download at the Apple Developer Connection Web site.