A few days ago, vulnerability CVE-2014-9390 was announced. In short, if you are using a case-insensitive filesystem (which is the default on Windows and OS X), an attacker can overwrite .git/config, which may lead to arbitrary command execution. You can find out more in this blog post from the folks at GitHub.
TL;DR - how do I patch my Mac?
- Download the appropriate package from SourceForge and install it.
- Open a terminal and run the following commands:
sudo mv /usr/bin/git /usr/bin/git-xcode
sudo ln -sf /usr/local/git/bin/git /usr/bin/git
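
To check a repository you did not create for the condition described at the top of this post, the following added example (not from the original post or from the Git project) flags paths with a component that equals .git when case is ignored. The function names and the sample paths are constructed for illustration, and the check covers case differences only.

```shell
#!/bin/sh
# Added example: flag repository paths that a case-insensitive filesystem
# would resolve into the .git directory.

# Reads one path per line on stdin (for example the output of
#   git ls-tree -r --name-only <commit>
# run with a Git client on a case-sensitive filesystem) and prints every
# path that has a component equal to ".git" when case is ignored.
# Returns 1 if at least one such path was found, 0 otherwise.
find_dotgit_collisions() {
    awk -F/ '
        {
            for (i = 1; i <= NF; i++) {
                if (tolower($i) == ".git") {
                    print
                    found = 1
                    break
                }
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample input (hypothetical paths, not taken from a real repo).
sample_paths() {
    printf '%s\n' \
        'README.md' \
        '.gitignore' \
        '.Git/config' \
        'src/main.c' \
        'vendor/lib/.gIT/config' \
        'docs/git.md'
}

# Demo run over the constructed sample.
sample_paths | find_dotgit_collisions ||
    echo "The paths above would land inside .git on a case-insensitive filesystem"
```
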