by pfg 3321 days ago
I definitely agree with this advice in general, but as it so happens, users who installed HandBrake via Homebrew (a package manager for macOS) were affected by this too because the hash for the latest version of HandBrake was changed to the infected version[1]. Still, package managers definitely make it harder for the attacker in most cases.

[1]: https://github.com/caskroom/homebrew-cask/pull/33354

1 comments

Wow, that's a strangely aggressive reply from one of the contributors on that thread. And then he said:

> 99% of the time these hash changes are innocent

That's actually not very good at all and proves they shouldn't just trust hash changes! Very odd.