Git vulnerability (CVE-2014-9390): patching your Mac

December 22, 2014

A few days ago, vulnerability CVE-2014-9390 was announced. In short, if you are using a case-insensitive filesystem (which is the default on Windows and OS X), an attacker can overwrite the .git/config file, which may lead to arbitrary command execution. You can find out more in this blog post from the folks at GitHub.
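To audit a repository for the condition described above before checking it out on a Mac or Windows machine, the following added example (not part of the original post) flags paths with a component that matches `.git` when case is ignored, and also reports any other paths that differ only by case. The function names and the sample listing are constructed for illustration; real input would come from `git ls-tree -r --name-only <rev>`.

```python
from collections import defaultdict


def dotgit_lookalikes(paths):
    """Return paths with a component that equals '.git' when case is ignored."""
    flagged = []
    for path in paths:
        # Check every component, not just the first: a tree entry should
        # never be named '.git' (in any casing) at any depth.
        if any(part.casefold() == ".git" for part in path.split("/")):
            flagged.append(path)
    return flagged


def case_collisions(paths):
    """Group distinct paths that become the same name when case is ignored."""
    groups = defaultdict(set)
    for path in paths:
        groups[path.casefold()].add(path)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample listing, one path per entry as `git ls-tree -r --name-only` prints them.
SAMPLE_TREE = [
    "README.md",
    "src/main.c",
    ".Git/config",       # resolves to .git/config on a case-insensitive filesystem
    "sub/.giT/config",   # flagged at any depth
    "docs/Guide.txt",
    "docs/guide.txt",    # case-only collision, unrelated to .git
    ".gitignore",        # legitimate: the component is not '.git'
]

if __name__ == "__main__":
    for p in dotgit_lookalikes(SAMPLE_TREE):
        print("suspicious .git look-alike:", p)
    for group in case_collisions(SAMPLE_TREE):
        print("case-only collision:", ", ".join(group))
```

This check covers only the case-variation issue described in this post; run it on a listing taken without checking out the working tree.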

TL;DR - how do I patch my Mac?

  1. Download the appropriate package from SourceForge and install it.
  2. Open a terminal and run the following commands:

       sudo mv /usr/bin/git /usr/bin/git-xcode
       sudo ln -sf /usr/local/git/bin/git /usr/bin/git