Critical remote code execution flaw fixed in popular terminal app for macOS

A security audit sponsored by Mozilla uncovered a critical remote code execution (RCE) vulnerability in iTerm2, a popular open-source terminal app for macOS. The flaw can be exploited if an attacker can force maliciously crafted data to be outputted by the terminal application, typically in response to a command issued by the user.


This is a companion discussion topic for the original entry at https://www.itworld.com/article/3445044/critical-remote-code-execution-flaw-fixed-in-popular-terminal-app-for-macos.html#tk.rss_all