Critical Security Vulnerability Disclosed in iTerm2 App

A critical vulnerability has been discovered in the popular iTerm2 application, an open source terminal emulator program designed to replace the default Apple Terminal in macOS.

iTerm2 often finds its way into lists of some of the best software to install on a Mac. It is especially popular with power users as a result of its many features and highly customizable nature. One of these features, the tmux integration mode, is responsible for this vulnerability, and it has existed in iTerm2 for at least seven years, according to the Mozilla Open Source Support Program.

Identified as CVE-2019-9535, the vulnerability affects iTerm2 versions prior to and including 3.3.5. This critical vulnerability allows an attacker to execute arbitrary commands on the victim’s computer in any situation in which attacker-controlled content is output to the terminal.

Many common everyday tasks can be a source of compromise, including viewing log files or opening specially crafted documents while in the iTerm2 terminal. This makes CVE-2019-9535 an especially dangerous vulnerability. Not only that, but specific use of the tmux integration is not required to successfully exploit this security weakness.

Users are strongly urged to update their iTerm2 installations in order to remedy this vulnerability. Reflecting on the relative ease with which attackers can achieve a compromise, no ..
