For the last seven years, iTerm2, the most used terminal emulator for macOS, contained a critical flaw that could have enabled threat actors to run arbitrary code on vulnerable systems in various ways. This is especially worrisome considering the fact that the application’s user base consists in large part of software developers and system administrators.
Attackers could exploit the vulnerability, tracked as CVE-2019-9535, by getting an iTerm2 user to connect to a malicious SSH server or to request content from a malicious website using the ‘curl’ command. The flaw was found in a recent audit by Radically Open Security and has since been patched.
Read more: iTerm2 Patches Critical Vulnerability Active for 7 Years