Jobs’ Mob’s software genii have apparently not bothered to upgrade the version of Git that comes bundled with OS X.
Git allows developers to manage source code repositories, keeping track of code changes from version to version. But the version in El Capitan is so old it exposes users to two possible attacks.
Security expert Rachel Kroll discovered that El Capitan comes bundled with Git 2.6.4, and the vulnerabilities were found in all Git versions before 2.7.3.
The two vulnerabilities are heap-based buffer overflows that allow attackers to execute malicious code on the machine. An attacker can use malicious code hidden in a repo to launch an attack on the Mac, compromise the system, and take control of the user’s device, leaving the Mac user’s entire Coldplay collection and pictures of their mum and cats vulnerable.
There is no way to fix it either. The bundled Git version can’t be updated without breaking Git support.
Writing in her blog, Kroll said: “If you rely on machines like this, I am truly sorry. I feel for you. I wrote this post in an attempt to goad them [Apple] into action because this is affecting lots of people who are important to me. They are basically screwed until Apple deigns to deliver a patched git unto them.”
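To check a machine against the 2.7.3 threshold mentioned above, the following shell script is an added example (not from Kroll's post or from Apple). The function names are hypothetical and the sample version lines are constructed, with `NN` standing in for Apple's build tag. It compares version fields numerically and, with `--audit`, checks every `git` on `PATH`, because a newer Git installed elsewhere only shadows the bundled binary and does not replace it.

```shell
#!/bin/sh
# Added example: flag git binaries older than the fixed release named in the article.
FIXED="2.7.3"

# Extract "X.Y.Z" from a `git --version` line such as "git version 2.6.4 (Apple Git-NN)".
parse_git_version() {
    printf '%s\n' "$1" | sed -n 's/^git version \([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Return 0 when version $1 is lower than $2, comparing each dotted field as a number
# (a plain string comparison would wrongly rank 2.10.0 below 2.7.3).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Classify one `git --version` line: prints "VULNERABLE x.y.z", "OK x.y.z" or "UNKNOWN".
classify() {
    v=$(parse_git_version "$1")
    if [ -z "$v" ]; then echo UNKNOWN
    elif version_lt "$v" "$FIXED"; then echo "VULNERABLE $v"
    else echo "OK $v"; fi
}

# Check every git executable on PATH, not only the first one found.
audit_path() {
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        IFS=$old_ifs
        [ -n "$dir" ] && [ -x "$dir/git" ] || continue
        printf '%s: %s\n' "$dir/git" "$(classify "$("$dir/git" --version 2>/dev/null)")"
    done
    IFS=$old_ifs
}

if [ "${1:-}" = "--audit" ]; then
    audit_path
else
    # Constructed sample lines, not captured output.
    for s in "git version 2.6.4 (Apple Git-NN)" "git version 2.7.3" "git version 2.10.0"; do
        printf '%-36s -> %s\n' "$s" "$(classify "$s")"
    done
fi
```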