An audit sponsored by Mozilla led to the discovery of a critical flaw (CVE-2019-9535) within iTerm2, a well known open-source terminal emulator app that serves the same purpose as the native terminal macOS app but for those that use the command line. In a description from Mozilla, it sounds like the flaw could be exploited in many unknown ways. “An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer,” stated Tom Ritter from Mozilla. The bug has been in the tmux integration feature of iTerm2 for around seven years. Mozilla wanted to support the audit of iTerm2 because it is very popular with developers and admins and they used the Mozilla Open-Source Support Program (MOSS), and the audit itself was performed by Radically Open Security. Although user interaction is necessary for it to be exploited, the flaw could be extremely dangerous because it can be exploited by commands. “This is a serious security issue because in some circumstances it could allow an attacker to execute commands on your machine when you view a file or otherwise receive input, they have crafted in iTerm2,” mention the developers from iTerm2. A patch was released yesterday, October 9th, in version 3.3.6 of iTerm2.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that