Until Apple pushes out a fix for this flaw, users can protect themselves against this type of attack by installing Esser's kernel extension that implements several mitigations for weaknesses involving SUID/SGID binaries.
In cases where a project is no longer actively being maintained, SourceForge has in some cases established a mirror of releases that are hosted elsewhere. This was done for GIMP-Win.
Editor's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software. In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service.
Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page.
Note: SourceForge and Slashdot share a corporate parent.
IT Security is an ever-growing field. Every year more hackers and crackers try to steal your bank PIN, mess up your nuclear fuel centrifuges, jam your attack drones' control signals, steal your company passwords and other secrets, and it goes on and on, to the point where, Hord says, over two million (2,000,000) new IT security people will be needed in the next few years. Should you be one of them? Do you have the skills to be one of them? If not, can you acquire those skills?