Homebrew
macOS package manager abuse techniques
critical
Code Execution
Cask preflight / postflight Arbitrary Ruby Execution
Homebrew Casks (macOS application installers) support four flight stanzas — `preflight`, `postflight`, `uninstall_preflight`, and …
macOS
high
Code Execution
Cask pkg and installer script Privilege Escalation
The Cask DSL provides a `pkg` stanza (to install a macOS .pkg) and an `installer script:` stanza (to run an arbitrary executable). The …
macOS
critical
Code Execution
Homebrew Formula Install Method Code Execution
Homebrew formulae are Ruby files that define an `install` method executed by `brew install`. The method has unrestricted access to the …
macOS
Linux
high
Supply Chain
Malicious Third-Party Tap Supply Chain
`brew tap /` adds a third-party git repository as a source of formulae and casks. Once tapped, the tap's formulae are installable by short …
macOS
Linux