• caglararli@hotmail.com
  • 05386281520

Is macOS vulnerable to the XZ-vulnerability?

Çağlar Arlı      -    15 Views

Is macOS vulnerable to the XZ-vulnerability?

For a time homebrew was serving the vulnerable XZ Utils / liblzma versions 5.6.0 and 5.6.1. I observed on my own MacBook pro that I had the 5.6.1 installed via homebrew.

The current state of knowledge seems to suggest that macOS was so far not vulnerable - but I find this hard to establish.

I’d say better safe than sorry. So a quick..

homebrew update & homebrew upgrade

.. solves the issue by downgrading to the last safe version. But I'd still like to know...

Is macOS really save even if vulnerable liblzma versions are present?