According to researchers, a critical vulnerability was found in iTerm, an open-source macOS terminal app that replaces the built-in terminal app on Mac devices. This vulnerability has been known for 7 years and has been assigned the identifier CVE-2019-9535. It was discovered by the Mozilla Open Source Support Program in one of its tests.
The iTerm2 app processes a large amount of data, which is not protected. It is also a very popular application, used by many developers. Given the large amount of information it manages and the importance of this information (it is very confidential data), the detection of any vulnerability is of the utmost importance.
According to a blog post by Mozilla, the issue is very important: it is a remote code execution (RCE) vulnerability in the tmux integration. Malicious hackers could exploit the vulnerability to execute various commands.
What can hackers do?
Hackers could use the vulnerability for any malicious activity. For example, they could connect the terminal app to a malicious SSH server, or use tail -f to follow a malicious file and link it to the app. In addition, they could link the app to a malware website.
Usually, exploiting a vulnerability like this requires some tricks on the part of hackers. However, according to the researchers, the iTerm vulnerability can be exploited much more easily. All versions of iTerm up to 3.3.5 are vulnerable to the error. The team behind iTerm fixed the problem in the new 2.3.6 release. The experts recommend that all users of the app install the update in order to protect themselves from the vulnerability. Users can download the update themselves or update the software using the installed applications menu.