Published: 09/10/2019 Updated: 16/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow a malicious user to execute arbitrary commands on the victim's computer by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. It could be exploited using command-line utilities that print attacker-controlled content.

Recent Articles

iTerm2 issues emergency update after MOSS finds a fatal flaw in its terminal code
The Register • Thomas Claburn in San Francisco • 10 Oct 2019

It's time to update or call 0118 999 88199 9119 7253

The author of popular macOS open source terminal emulator iTerm2 has rushed out a new version (v3.3.6) because prior iterations have a security flaw that could allow an attacker to execute commands on a computer using the application.
The vulnerability (CVE-2019-9535) was identified through the Mozilla Open Source Support Program (MOSS), which arranged to audit iTerm2 under its remit to review open source projects for security problems. A third-party security biz, Radically Open Security, ...

iTerm2 Patches Critical Vulnerability Active for 7 Years
BleepingComputer • Ionut Ilascu • 10 Oct 2019

The most popular terminal emulator for macOS, iTerm2, has been updated to fix a critical security issue that survived undisclosed for at least seven years.
Attackers can achieve remote command execution on systems with a vulnerable iTerm2 version when the application is used to connect to a malicious source.
Tracked as CVE-2019-9535, the vulnerability was discovered following a security audit from Radically Open Security, sponsored by the Mozilla Open Source Support (MOSS) program.