Homebrew fixes Cask repo GitHub Actions bug that would have

Plus: America creates task force to tackle ransomware crims
Share
Copy
In Brief The Homebrew package manager for macOS and Linux has fixed an issue that could have been exploited by miscreants to run malicious code on people's computers.
Specifically, the project's GitHub Actions setup could have been abused to sneak arbitrary Ruby code into its Cask repositories, security researcher RyotaK discovered and disclosed via HackerOne.
The infosec bod found it was possible to merge a "malicious pull request by confusing the library that is used in the automated pull request review script developed by the Homebrew project. By abusing it, an attacker could execute arbitrary Ruby codes on users' machines."

Related Keywords

United Kingdom , United States , Americans , America , American , Markus Reiter , John Carlin , Uncle Sam , American Airlines , Digital Extortion Task , Brief The Homebrew , Github Actions , Github Action , Digital Extortion Task Force , Acting Deputy Attorney General John , Security , In Brief , ஒன்றுபட்டது கிஂக்டம் , ஒன்றுபட்டது மாநிலங்களில் , அமெரிக்கர்கள் , அமெரிக்கா , அமெரிக்கன் , ஜான் கார்லின் , மாமா சாம் , அமெரிக்கன் விமான நிறுவனங்கள் , நடிப்பு துணை வழக்கறிஞர் ஜநரல் ஜான் , பாதுகாப்பு ,