A security vulnerability was recently discovered in the Homebrew Cask repository that could have been exploited by attackers to execute arbitrary code on the machines of users who install Homebrew applications.
The vulnerability was discovered by the Japanese security researcher RyoTak on 18th April. The researcher was examining how code changes submitted to the GitHub repository were updated, and found that malicious changes were automatically reviewed and approved.
The bug was fixed by the organization the next day. Homebrew is an open-source software package manager designed for macOS and Linux systems. Homebrew Cask extends its command-line workflow to GUI macOS applications, plugins, fonts, and other applications.
A Homebrew spokesperson said that the vulnerability would have permitted attackers to insert arbitrary malicious code into a cask and have that code merged automatically. The cause was a bug in git_diff and in the review-cask-pr GitHub Action, which are used to inspect pull requests.

With this vulnerability, the parser could be manipulated into ignoring the offending lines, so the malicious request was approved. The flaw therefore allowed code to be injected into a Cask, and the injected malicious code was merged without any review or approval from an administrator.
To support their report, the researcher also submitted a proof of concept giving a complete demonstration of the vulnerability. In response, Homebrew removed the auto-merge GitHub Action, and also disabled and removed review-cask-pr from all the vulnerable GitHub repositories.
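The failure mode described above, as an added illustration that is not Homebrew's or git_diff's code: a toy automated reviewer that classifies diff lines, contrasting a lenient parser that silently drops lines it does not recognise (fail-open) with one that sends any unrecognised line to manual review (fail-closed). The sample diff and the "only version and sha256 bumps are auto-approvable" policy are constructed assumptions.

```python
import re

# Constructed sample: a cask bump that also carries a line the diff grammar
# does not recognise (the kind of input a lenient parser would silently drop).
SAMPLE_DIFF = """\
diff --git a/Casks/example.rb b/Casks/example.rb
--- a/Casks/example.rb
+++ b/Casks/example.rb
@@ -1,4 +1,4 @@
 cask "example" do
-  version "1.0.0"
+  version "1.0.1"
this line matches no diff prefix
   sha256 "deadbeef"
"""

# Assumed auto-review policy: only version and sha256 lines may change.
ALLOWED_CHANGE = re.compile(r'^\s*(version|sha256)\s+"[^"]*"\s*$')
HEADER = re.compile(r'^(diff --git |index |--- |\+\+\+ |@@ )')


def review_diff(diff_text, strict=True):
    """Return 'approve' or 'manual'.

    strict=True : any line that is not a header, context, change or the
                  no-newline marker sends the PR to manual review (fail closed).
    strict=False: such lines are ignored, the fail-open behaviour that lets an
                  automated reviewer approve a change it never inspected.
    """
    changed = []
    for line in diff_text.splitlines():
        if HEADER.match(line) or line.startswith("\\ No newline"):
            continue
        if line.startswith(" "):          # unchanged context line
            continue
        if line[:1] in ("+", "-"):        # added or removed content
            changed.append(line[1:])
            continue
        if strict:
            return "manual"               # unknown line: refuse to auto-approve
        # lenient: the unrecognised line is silently skipped
    if changed and all(ALLOWED_CHANGE.match(c) for c in changed):
        return "approve"
    return "manual"
```

The same hardening applies more generally: an auto-merge bot should fail closed on any input its parser cannot classify, or verify the full post-change file instead of trusting a parsed diff.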
Summing Up
The bot in both the Homebrew and Cask repositories will be removed, and all pull requests will need manual review and approval, which blocks this attack. The expert also added that, had this bug been exploited by attackers, they could easily have infected machines and executed malware before the organization was notified.
The expert also advised the organization to conduct a security audit that examines all the vulnerabilities and bugs present in its ecosystem.