Injecting code into any Homebrew Cask by attacking GitHub Actions script
http://premium.bugbountyexplained.com/
This video explains a vulnerability in the GitHub Actions script that the Homebrew repository used to automatically merge some commits. The attacker, RyotaK, was able to publish code to any Ruby file within the Casks folder, thus gaining RCE on anyone using brew casks.
Report:
https://blog.ryotak.me/post/homebrew-security-incident-en/
Reporter’s Twitter:
https://twitter.com/ryotkak
Follow me on Twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Intro
00:21 Auto-updating Homebrew Casks
02:43 Hiding lines from git_diff
05:54 What does ++ mean in Ruby?
06:32 Bypassing regex filename match
06:55 Dealing with undefined variables
07:32 Bypassing Rubocop