Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux

A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users’ machines that have Homebrew installed.

The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were handled, resulting in a scenario where a malicious pull request — i.e., the proposed changes — could be automatically reviewed and approved. The flaw was fixed on April 19.

Homebrew is a free and open-source software package manager that allows the installation of software on Apple’s macOS operating system as well as Linux. Homebrew Cask extends that functionality with command-line workflows for GUI-based macOS applications, fonts, plugins, and other non-open-source software.

“The discovered vulnerability would allow an attacker to inject arbitrary code into a cask and have it be merged automatically,” Homebrew’s Markus Reiter said. “This is due to a flaw in the git_diff dependency of the review-cask-pr GitHub Action, which is used to parse a pull request’s diff for inspection. Due to this flaw, the parser can be spoofed into completely ignoring the offending lines, resulting in successfully approving a malicious pull request.”

In other words, the flaw meant malicious code injected into the Cask repository was merged without any human review or approval.
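The defensive lesson from the parser flaw described above is that a diff parser used to gate automatic approval must fail closed: it should account for every line a hunk declares and refuse to approve when anything does not add up. The following Ruby block is an added example, not Homebrew's or the git_diff gem's code; its sample diff is constructed, and the added line beginning with `++` is an assumed way a content line might be mistaken for a file header, not a claim about the specific spoof used in the report.

```ruby
# Added example (not Homebrew's or the git_diff gem's code): a fail-closed
# unified-diff auditor. Hunk headers' declared counts decide which lines belong
# to a hunk, so a content line that merely looks like a file header ("+++ ...")
# is still recorded as an addition, and anything unclassifiable is an error.
HUNK_RE = /\A@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@/
FILE_HEADERS = ["diff ", "index ", "--- ", "+++ ", "new file", "deleted file"].freeze
# Returns { additions: [...], deletions: [...], errors: [...] }.
# A non-empty :errors means the change must not be auto-approved.
def audit_diff(diff_text)
  res = { additions: [], deletions: [], errors: [] }
  old_left = new_left = 0 # lines the current hunk still owes
  diff_text.each_line(chomp: true).with_index(1) do |line, n|
    if old_left.zero? && new_left.zero? # outside a hunk: only headers allowed
      if (m = HUNK_RE.match(line))
        old_left = (m[1] || 1).to_i
        new_left = (m[2] || 1).to_i
      elsif !line.start_with?(*FILE_HEADERS)
        res[:errors] << "line #{n}: text outside any hunk: #{line.inspect}"
      end
      next
    end
    case line[0] # inside a hunk: prefix classifies, counts decide membership
    when "+" then res[:additions] << line[1..]; new_left -= 1
    when "-" then res[:deletions] << line[1..]; old_left -= 1
    when " " then old_left -= 1; new_left -= 1
    when "\\" then nil # "\ No newline at end of file" consumes no line
    else res[:errors] << "line #{n}: unclassifiable hunk line #{line.inspect}"
    end
    res[:errors] << "line #{n}: hunk overran its header" if old_left < 0 || new_left < 0
  end
  res[:errors] << "diff ended inside a hunk" unless old_left.zero? && new_left.zero?
  res
end

# Constructed sample: a cask edit whose second added line happens to start
# with "++", so the raw diff line reads "+++ ..." (an assumed confusion).
SAMPLE_DIFF = <<~DIFF
  diff --git a/Casks/example.rb b/Casks/example.rb
  --- a/Casks/example.rb
  +++ b/Casks/example.rb
  @@ -1,5 +1,6 @@
   cask "example" do
  -  version "1.0"
  +  version "1.1"
  +++ system("echo constructed")
     sha256 "0000"
     url "https://example.com/example.dmg"
   end
DIFF
```

Calling `audit_diff(SAMPLE_DIFF)` yields two additions, one deletion and no errors, while tampering with the hunk header (for example changing `+1,6` to `+1,5`) produces errors that should block automatic approval.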

The researcher also submitted a proof-of-concept (PoC) pull request demonstrating the vulnerability, following which it was reverted. In light of the findings, Homebrew has also removed the “automerge” GitHub Action as well as disabled and removed the “review-cask-pr” GitHub Action from all vulnerable repositories.

In addition, the ability for bots to commit to homebrew/cask* repositories has been removed, with all pull requests requiring a manual review and approval by a maintainer going forward. No user action is required.

“If this vulnerability was abused by a malicious actor, it could be used to compromise the machines that run brew before it gets reverted,” the researcher said. “So I strongly feel that a security audit against the centralized ecosystem is required.”

Mourad ELGORMA

Founder of summarynetworks, passionate about new technologies and networking professions, Master's in networks and telecommunication systems. I have worked with Pascal, Delphi, Java, MATLAB, PHP... Knowledge of the TCP/IP protocol, Ethernet applications, WLANs... Planning, installing and troubleshooting computer network problems... Install, configure and troubleshoot Cisco IOS devices. Monitor network performance and isolate network failures. VLANs, routing protocols (RIPv2, EIGRP, OSPF)... Working with embedded systems (hardware and software, e.g. BeagleBone Black)... Linux (Ubuntu, Kali, Mandriva server, Fedora, ...). Microsoft (Windows, Windows Server 2003). ... Packet Tracer, GNS3, VMware Workstation, VirtualBox, FileZilla (client/server), EasyPHP, WAMP server, the WordPress management system... Installation of surveillance cameras (Hikvision DVR technology...).