VU#763073: iTerm2 with tmux integration is vulnerable to remote command execution

Vulnerability Note: VU#763073: iTerm2 with tmux integration is vulnerable to remote command execution

Published:

Description: iTerm2 is a popular terminal emulator for macOS that supports terminal multiplexing using tmux integration and is frequently used by developers and system administrators. A vulnerability,identified as CVE-2019-9535,exists in the way that iTerm2 integrates with tmux’s control mode,which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5.

Source: CERT.ORG

 

Tags