
    Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux



    A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed.

    The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were handled, resulting in a scenario where a malicious pull request (i.e., the proposed changes) could be automatically reviewed and approved. The flaw was fixed on April 19.


    Homebrew is a free and open-source software package manager that allows the installation of software on Apple's macOS operating system as well as Linux. Homebrew Cask extends the functionality to include command-line workflows for GUI-based macOS applications, fonts, plugins, and other non-open source software.

    "The discovered vulnerability would allow an attacker to inject arbitrary code into a cask and have it be merged automatically," Homebrew's Markus Reiter said. "This is due to a flaw in the git_diff dependency of the review-cask-pr GitHub Action, which is used to parse a pull request's diff for inspection. Due to this flaw, the parser can be spoofed into completely ignoring the offending lines, resulting in successfully approving a malicious pull request."

    In other words, the flaw meant malicious code injected into the Cask repository was merged without any review and approval.


    The researcher also submitted a proof-of-concept (PoC) pull request demonstrating the vulnerability, following which it was reverted. In light of the findings, Homebrew has also removed the "automerge" GitHub Action as well as disabled and removed the "review-cask-pr" GitHub Action from all vulnerable repositories.

    In addition, the ability for bots to commit to homebrew/cask* repositories has been removed, with all pull requests requiring a manual review and approval by a maintainer going forward. No user action is required.

    "If this vulnerability was abused by a malicious actor, it could be used to compromise the machines that run brew before it gets reverted," the researcher said. "So I strongly feel that a security audit against the centralized ecosystem is required."
