The Hacker News
A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users’ machines that have Homebrew installed.
The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were handled, resulting in a scenario where a malicious pull request — i.e., the proposed changes — could be automatically reviewed and approved. The flaw was fixed on April 19.