Homebrew SECURITY FLAW! You could EASILY be ATTACKED!

preview_player
Показать описание
Homebrew has a SERIOUS SECURITY FLAW, thus enabling attacks to happen easily. Let me show you how the vulnerability works and what you can do to protect yourself and continue to use this AWESOME Package Manager.

Homebrew Links:

Special Thanks To: Photo by Markus Spiske from Pexels

🔥 Ninja Mac Videos:🔥
Control Mac With iPhone  Remote Mac Desktop and Screen Share Mac To iPhone - Remote Mac Access!

🔥Remotely Control Any  Mac With Screen Sharing!🔥Remote Mac Desktop with Remote Mac Access!

Dual Boot Mac OS Catalina  Mojave!

How to Test Mac Hardware using Apple Hardware Diagnostics Tool - How well is your Mac Working?

Unlock Mac  Apple Watch!

How To Download MacOS Catalina & MacOS Mojave without the App Store! NEW FEATURE IN MAC OS CATALINA!

How to Zip Files in Mac  How to Unzip On Mac  Password Protected Zip File Mac  Unzip Command Mac!

Mac Terminal  10 Awesome Commands!

Mac OS Catalina  Mojave - Storage Management Tool!

Lost Mac? Find My Mac! Find My Mac iCloud & Find My Mac Alert! How does Find My Mac work? Dive in!

🔥How to Encrypt External Drives on your Mac!🔥

iMovie Tutorial 2019  iMovie For Mac Tutorial will give you the Skills to Make your Movie Awesome!
  1. Apple Ninja
  2. homebrew tutorial
  3. homebrew Mac tutorial
  4. homebrew mac video tutorial
  5. homebrew taps
  6. homebrew github
Рекомендации по теме
Homebrew SECURITY FLAW! 0:08:37

Homebrew SECURITY FLAW! You could EASILY be ATTACKED!

Bricked Wii 🧱 0:00:15

Bricked Wii 🧱 #homebrew #nintendo #wii #shorts

why does Nintendo 0:00:39

why does Nintendo do this?

it's a good 0:00:21

it's a good deal. parody of a parody by Matt Storer #strangerthings #animation #b3d #blender3d

I’m done with 0:00:10

I’m done with the Nintendo Switch!

“Remove Joy-Cons on 0:00:18

“Remove Joy-Cons on Switch Lite 🤓” #nintendoswitch #nintendo #gaming

50 macOS Tips 0:11:11

50 macOS Tips and Tricks Using Terminal (the last one is CRAZY!)

some people still 0:00:17

some people still don't know about this!

🔥Ready to Code? 0:38:02

🔥Ready to Code? The Ultimate Mac Mini M4 Dev Setup is Here! 💪💻 - 2024

A feature you’ll 0:00:23

A feature you’ll probably want to turn off on your Switch

This Steam Deck 0:00:12

This Steam Deck Tip will Save you MONEY! 💰

this will download 0:00:20

this will download everything faster on your switch

Nintendo Switch secrets 0:00:36

Nintendo Switch secrets 🤫. Free games hack!

Windows Will SAVE 0:00:41

Windows Will SAVE Your Old Mac

How this emulator 0:06:53

How this emulator can get you HACKED

Full Body Transplant 0:00:28

Full Body Transplant 😨(Explained)

This USB will 0:00:59

This USB will FRY ANY DEVICE.... #Shorts

Wait.. The PS3 0:00:14

Wait.. The PS3 could do this?

How to Install 0:09:02

How to Install Homebrew in a right way for Mac (macOS M1/M2/M3) With zsh

The 1st thing 0:16:02

The 1st thing to install on ANY Mac

Awesome PS4 Lifehack 0:00:15

Awesome PS4 Lifehack YOU NEED!

New Switch Owners 0:00:12

New Switch Owners In 2023

2 Hours of 2:03:28

2 Hours of Console Hacking & Homebrew to Conk Out To

3 Reasons Why 0:00:07

3 Reasons Why You Shouldn't Get Bloxburg

Комментарии
Автор

Another approach is to create a new 'brew' user on the mac, and use it to install everything. You change to that user to add new binaries, but never use the 'brew' user account for anything else.

Not requiring a password to add software, or to alter the files is /usr/local, is a huge security hole.

robertburrowes
Автор

I didn't quite catch what you did there to secure it.

AtacamaHumanoid
Автор

How about creating a script that goes back to a secure bin folder after downloading and installing any formulas and or casks?

jesuscervantes
Автор

This is why I prefer macports over Homebrew.

Knightjp
Автор

Also, what about MacPorts, does it also have security flaws?

jesuscervantes
Автор

What about the original location where the alias is pointing to? You can still overwrite that? How about the brew executable itself or it’s libraries?

avashurov
Автор

Hi Apple Ninja, great video! -- thank you.

Q: I’m a bit confused though could you please clarify.
As I understand your solution to this brew flaw is to chown the permissions back and forth.
In other words you maintain permissions as:
sudo chown root:wheel /usr/local/bin
and then
sudo chown macguy:admin /usr/local/bin
when you want to install a formula? Is that correct?

And what about:
/usr/local/opt
Q: Would your permissions toggling be advisable there, too?
And if not why not?

piperskenny
Автор

what if nothing pops up on brew list does that mean theres nothing to worry about as far as security ?

jimmyconway
Автор

thank you in advance for your time! : )

piperskenny