Hacking Homebrew and How to Defend your Macs

At the London Apple Admins December meet up John Britton, CEO of ‪Workbrew‬, spoke about Homebrew as a powerful and often unsupervised gateway into macOS systems. While security teams focus on MDM, OS patching, and endpoint agents, few are asking the right question: "Who's watching the package manager?"

John examines how attackers can exploit common blind spots in Homebrew usage - from malicious third-party taps to outdated, vulnerable formulas that never get updated. We'll walk through realistic abuse paths, including how writable install paths and poor update hygiene can lead to local privilege escalation or even remote footholds.

Based on real-world experience helping teams secure their developer setups, we'll present practical, no-nonsense strategies for securing Homebrew in modern Apple environments - without alienating your developers or disrupting your workflows.