5Nis
Is macOS vulnerable to the XZ-vulnerability?
For a time homebrew was serving the vulnerable XZ Utils / liblzma versions 5.6.0 and 5.6.1. I observed on my own MacBook pro that I had the 5.6.1 installed via homebrew.
The current state of knowledge seems to suggest that macOS was so far not vulnerable - but I find this hard to establish.
I’d say better safe than sorry. So a quick..
homebrew update & homebrew upgrade
.. solves the issue by downgrading to the last safe version. But I'd still like to know...
Is macOS really save even if vulnerable liblzma versions are present?