
Homebrew Security Audit Finds 25 Vulnerabilities

Vulnerabilities in Homebrew could have allowed attackers to load executable code and modify binary builds, security audit finds. The post Homebrew Security Audit Finds 25 Vulnerabilities appeared first on SecurityWeek.

Multiple vulnerabilities in Homebrew could have allowed attackers to load executable code and modify binary builds, potentially controlling CI/CD workflow execution and exfiltrating secrets, a Trail of Bits security audit has discovered.

Sponsored by the Open Tech Fund, the audit was performed in August 2023 and uncovered a total of 25 security defects in the popular package manager for macOS and Linux.

None of the flaws was rated critical. Homebrew has already resolved 16 of them and is still working on three others; the remaining six have been acknowledged by Homebrew.

The identified bugs (14 medium-severity, two low-severity, seven informational, and two of undetermined severity) included path traversals, sandbox escapes, missing checks, overly permissive rules, weak cryptography, privilege escalation, use of legacy code, and more.

The audit’s scope included the Homebrew/brew repository, along with Homebrew/actions (custom GitHub Actions used in Homebrew’s CI/CD), Homebrew/formulae.brew.sh (the codebase for Homebrew’s JSON index of installable packages), and Homebrew/homebrew-test-bot (Homebrew’s core CI/CD orchestration and lifecycle management routines).

“Homebrew’s large API and CLI surface and informal local behavioral contract offer a large variety of avenues for unsandboxed, local code execution to an opportunistic attacker, [which] do not necessarily violate Homebrew’s core security assumptions,” Trail of Bits notes.

In a detailed report on the findings, Trail of Bits notes that Homebrew’s security model lacks explicit documentation and that packages can exploit multiple avenues to escalate their privileges.

The audit also identified configuration issues in the Apple sandbox-exec system, GitHub Actions workflows, and Gemfiles, as well as extensive trust in user input across the Homebrew codebases (leading to string injection and path traversal, or to the execution of functions or commands on untrusted inputs).

“Local package management tools install and execute arbitrary third-party code by design and, as such, typically have informal and loosely defined boundaries between expected and unexpected code execution. This is especially true in packaging ecosystems like Homebrew, where the “carrier” format for packages (formulae) is itself executable code (Ruby scripts, in Homebrew’s case),” Trail of Bits notes.
