Homebrew Package Manager Vulnerability Could Allow Code Execution Attacks

From latesthackingnews.com

Homebrew Package Manager Vulnerability

A security researcher with the alias RyotaK has found a critical vulnerability in the Homebrew package manager. Homebrew is a free and open-source package manager written in Ruby that facilitates installing apps on macOS and Linux. Popular in the Ruby on Rails community, Homebrew allows users to develop software as they want. As explained in a blog post, RyotaK found the vulnerability in Homebrew Cask, which typically focuses on installing GUI apps. In brief, the researcher noticed that the vulnerability allowed an adversary to merge malicious pull requests by confusing the library used in the automated pull request review script. In this way, an attacker could execute malicious Ruby code on the devices of targeted brew users.
