ALERT: iTerm2 Critical Remote Code Execution Vulnerability

  • Post author:
  • Reading time:3 mins read

.iTerm 2 Critical RCE

iTerm 2 vulnerability is causing problems as it is one of the most popular macOS terminal emulators and is a default choice for developers and administrators due to its extensive features like Windows transparency, full-screen mode, notifications, integration with tmux, etc. Vulnerability Management System can prevent these attacks.

A critical remote code execution vulnerability discovered in iTerm2 by Radically Open Security as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS). The vulnerability is identifying with CVE-2019-9535. And resides in the tmux integration feature of iTerm2, allowing an attacker to execute arbitrary commands on an affected system. A good Vulnerability Management Tool can resolve these issues.

A proof-of-concept video from Mozilla shows how connecting to a malicious SSH server can result in the running of an arbitrary command. However, Exploitation is not in limit to this scenario only. The flaw can also be triggering using command-line utilities by tricking them into printing attacker-controlled content. Some other examples of attack vectors include using commands like curl to fetch. A malicious website or using tail -f to follow a log file containing some malicious content.

Affected Products by iTerm 2 Vulnerability

iTerm2 versions prior to 3.3.6

Impact of iTerm 2 Vulnerability

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands.

Solution for iTerm 2 Vulnerability

Please refer to this KB Article to apply the patches using SanerNow.

Share this article