A security audit sponsored by Mozilla uncovered a critical remote code execution (RCE) vulnerability in iTerm2, a popular open-source terminal app for macOS. The flaw can be exploited if an attacker can cause maliciously crafted data to be displayed by the terminal application, typically in response to a command issued by the user.
iTerm2 is an open-source alternative to the built-in macOS Terminal app, which allows users to interact with the command-line shell. Terminal apps are commonly used by system administrators, developers and IT staff in general, including security teams, for a variety of tasks and day-to-day operations.
The iTerm2 app is a popular choice on macOS because it has features and allows customizations that the built-in Terminal doesn't, which is why the Mozilla Open Source Support Program (MOSS) decided to sponsor a code audit for it. MOSS was created in the wake of the critical and wide-impact Heartbleed vulnerability in OpenSSL with the goal of sponsoring security audits for widely used open-source technologies.
"MOSS selected iTerm2 for a security audit because it processes untrusted data and it is widely used, including by high-risk targets (like developers and system administrators)," Mozilla said in a blog post announcing the newly discovered vulnerability.
The flaw, which is now tracked as CVE-2019-9535, has existed in iTerm2 for the past seven years and is located in the tmux integration. Tmux is a terminal multiplexer that allows running multiple sessions in the same terminal window by splitting the terminal screen.
To exploit the vulnerability, attackers need to produce specially crafted output in the user's terminal, and this can be done in many ways: for example, if the user is connected to an attacker-controlled SSH server, if they use the curl command to fetch an attacker-controlled URL, or if they open a local file where the attacker was able to place data, such as a web server log.
Successful exploitation can result in arbitrary command execution on the user's machine, which means that the vulnerability enables remote command injection attacks. "Typically, this vulnerability would require some degree of user interaction or trickery, but because it can be exploited via commands generally considered safe there is a high degree of concern about the potential impact," Mozilla said.
The flaw was fixed in iTerm2 version 3.3.6, which was released today, and users are advised to update as soon as possible. By default, the application should notify users that a new version is available. The app's developer, George Nachman, worked closely with Radically Open Security, the company that conducted the audit for MOSS, to develop a patch for the vulnerability.
The processing of untrusted data is one of the most common sources of vulnerabilities in applications. For many apps, including iTerm2, this attack vector cannot be avoided because connecting to remote servers and loading files from them is one of their main features. When remote code execution flaws are found in such apps, deploying patches as soon as possible is critical because these apps are a favorite target for attackers.
This story, "Critical remote code execution flaw fixed in popular terminal app for macOS" was originally published by CSO.