iTerm2 has officially released a security update that fixes a remote code execution vulnerability that had been present for at least 7 years. The vulnerability is rated serious and has been assigned CVE-2019-9535.
iTerm2 is one of the most popular terminals in the world and is especially popular with developers. During a review of iTerm2, security researchers found serious vulnerabilities in its tmux integration feature. An attacker who can generate output on the user’s terminal (for example through ssh, curl, etc.) can execute commands on the user’s computer.
Affected versions: all versions prior to iTerm2 3.3.5.
Fixed version: iTerm2 version 3.3.6.
iTerm2 users are advised to install the latest update promptly to avoid being compromised.
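A version check an administrator could run on macOS hosts, as an added example that is not from iTerm2 or the original advisory: it treats any release below 3.3.6, the version this advisory lists, as needing the update. The install path and the function names are assumptions, and version strings that are not plain dotted numbers (betas, nightlies) are flagged for manual review instead of being guessed at.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether an iTerm2 version
# is older than 3.3.6, the release the advisory lists.
FIXED_VERSION="3.3.6"
# Assumption: default install location; override ITERM_INFO for other paths.
ITERM_INFO="${ITERM_INFO:-/Applications/iTerm.app/Contents/Info}"

# version_lt A B: succeed if dotted numeric version A is lower than B.
# Missing fields count as 0, so "3.3" compares as "3.3.0".
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the field just read; an exhausted version stays empty.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# iterm2_status VERSION: prints update-needed, ok, or review.
iterm2_status() {
    case $1 in
        # Empty or not a plain dotted number: do not guess.
        ''|*[!0-9.]*|.*|*.|*..*) echo review; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo update-needed
    else
        echo ok
    fi
}

# On macOS, read the installed version from the app bundle and report it.
if command -v defaults >/dev/null 2>&1; then
    installed=$(defaults read "$ITERM_INFO" CFBundleShortVersionString 2>/dev/null || true)
    echo "iTerm2 ${installed:-<not found>}: $(iterm2_status "$installed")"
fi
```

The functions can also be fed version strings collected by an inventory tool, so the same comparison covers hosts that are checked remotely.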