Security experts at
The RCE flaw tracked as CVE-2019-9535 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS).
“A security audit funded by the Mozilla Open Source Support Program (MOSS) has discovered a critical security vulnerability in the widely used
The RCE vulnerability resides in the
The experts published a video PoC that shows how to exploit the vulnerability by producing output to the terminal. Possible attack vectors would be
“Typically, this vulnerability would require some degree of user interaction or trickery; but because it can be exploited via commands generally considered safe, there is a high degree of concern about the potential impact,” Mozilla concludes.
The iTerms2 version 3.3.6 addresses the flaw that