CVE-2019-9535: iTerm2 Remote Code Execution Vulnerability Alert

iTerm2 has officially released a security update that fixes a remote code execution vulnerability that has existed for at least 7 years. The vulnerability is rated serious and has been assigned CVE-2019-9535.

iTerm2 is one of the most popular terminals in the world and is widely used by developers. During a review of iTerm2, security researchers found a serious vulnerability in its tmux integration feature. An attacker who can produce output in the user's terminal (for example, through ssh or curl) can execute commands on the user's computer.

Affected version

All versions prior to iTerm2 3.3.5.

Unaffected version

iTerm2 version 3.3.6.

Solution

Users of iTerm2 are advised to install the latest update promptly to avoid compromise.
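
One way to check a Mac against the versions listed above, as an added example that is not part of the original advisory or of iTerm2 itself. It assumes the default install path /Applications/iTerm.app, treats anything older than 3.3.6 (the only version named as unaffected) as needing the update, and uses function names that are hypothetical.

```shell
#!/bin/sh
# Added example: flag iTerm2 installs older than the unaffected version in this advisory.
FIXED_VERSION="3.3.6"

# Exit status: 0 = older than FIXED_VERSION (update needed), 1 = at or above it,
# 2 = not a plain dotted release number (suffixed builds need a manual check).
iterm2_needs_update() {
    printf '%s\n' "$1" | awk -v fixed="$FIXED_VERSION" '
        {
            if ($0 !~ /^[0-9]+(\.[0-9]+)*$/) exit 2
            n = split($0, have, ".")
            m = split(fixed, want, ".")
            len = (n > m) ? n : m
            # Compare field by field as numbers; missing fields count as 0.
            for (i = 1; i <= len; i++) {
                h = (i <= n) ? have[i] + 0 : 0
                w = (i <= m) ? want[i] + 0 : 0
                if (h < w) exit 0
                if (h > w) exit 1
            }
            exit 1
        }'
}

# Print the installed version, read from the app bundle's Info.plist (macOS only).
# Assumption: iTerm2 is installed at /Applications/iTerm.app unless a path is given.
installed_iterm2_version() {
    app="${1:-/Applications/iTerm.app}"
    [ -f "$app/Contents/Info.plist" ] || return 1
    defaults read "$app/Contents/Info" CFBundleShortVersionString 2>/dev/null
}

# Report the status of one install; returns 3 if iTerm2 is not found.
check_iterm2() {
    ver=$(installed_iterm2_version "${1:-}") || { echo "iTerm2 not found"; return 3; }
    rc=0
    iterm2_needs_update "$ver" || rc=$?
    case $rc in
        0) echo "iTerm2 $ver: older than $FIXED_VERSION, update required" ;;
        1) echo "iTerm2 $ver: at or above $FIXED_VERSION" ;;
        *) echo "iTerm2 $ver: not a plain release number, verify manually" ;;
    esac
    return "$rc"
}

check_iterm2 || true
```
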