iTerm2 is one of the most popular macOS terminal emulators and is a default choice for developers and administrators because of its extensive features, such as window transparency, full-screen mode, notifications, and tmux integration.
A critical remote code execution vulnerability was discovered in iTerm2 by Radically Open Security as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS). Tracked as CVE-2019-9535, the vulnerability resides in iTerm2's tmux integration feature and allows an attacker to execute arbitrary commands on an affected system.
A proof-of-concept video from Mozilla shows how connecting to a malicious SSH server can result in an arbitrary command being run. Exploitation is not limited to this scenario: the flaw can also be triggered through command-line utilities by tricking them into printing attacker-controlled content. Other attack vectors include using commands like curl to fetch a malicious website or using tail -f to follow a log file containing malicious content.
Affected Products
iTerm2 versions prior to 3.3.6
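To check whether a Mac is running an affected build, the following added example (not part of the original advisory) reads the installed version and compares it with 3.3.6. It assumes the default install path /Applications/iTerm.app; version strings that are not purely numeric are reported as unknown so they can be reviewed by hand.

```shell
#!/bin/sh
# Added example: flag iTerm2 installs older than the fixed release.
FIXED="3.3.6"   # first unaffected version, per "Affected Products"

# version_lt A B: exit 0 when dotted numeric version A is lower than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}              # leading component of each
        [ "$a" = "$x" ] && a="" || a=${a#*.}  # drop it from the remainder
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}                # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                                # equal versions are not lower
}

# classify VERSION: prints "affected", "patched" or "unknown".
classify() {
    case $1 in
        ""|*[!0-9.]*) echo unknown ;;       # empty, beta or nightly strings
        *) if version_lt "$1" "$FIXED"; then
               echo affected
           else
               echo patched
           fi ;;
    esac
}

# Assumption: iTerm2 is installed at the default location.
PLIST="/Applications/iTerm.app/Contents/Info.plist"
if [ -f "$PLIST" ]; then
    ver=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' \
          "$PLIST" 2>/dev/null) || ver=""
    echo "iTerm2 ${ver:-?}: $(classify "$ver")"
fi
```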
Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands.
Solution
Please refer to this KB Article to apply the patches using SanerNow.