V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Heimo
V2EX  ›  分享发现

Mac 终端利器 iTerm2 被曝严重的 RCE 漏洞,至少已存在 7 年

  •  
  •   Heimo · 2019-10-10 18:27:22 +08:00 · 1442 次点击
    这是一个创建于 1904 天前的主题,其中的信息可能已经有所发展或是发生改变。

    Freebuf 文章链接 https://www.freebuf.com/news/216278.html

    该漏洞影响于本周早些时候发布的 3.3.5 版本及之前版本。

    目前补丁已发布但自动更新尚未推送,建议用户立即在 iTerm2 目录中选择“检查新版本”手动更新至最新版本 3.3.6。

    第 1 条附言  ·  2019-10-10 19:28:17 +08:00
    CVE-2019-9535
    Heimo
        1
    Heimo  
    OP
       2019-10-10 19:23:38 +08:00
    3.3.6 版本部分 release notes

    iTerm2 version 3.3.6

    This build fixes a serious security issue. All
    users should upgrade.

    The Mozilla Foundation has generously sponsored a
    security audit of the iTerm2 source code. As part
    of this audit, a problem was discovered which
    could cause iTerm2 to issue commands in response
    to receiving certain input. This is a serious
    security issue because in some circumstances it
    could allow an attacker to execute commands on
    your machine when you view a file or otherwise
    receive input they have crafted in iTerm2.

    This issue has been assigned CVE-2019-9535.

    For more information, please visit the
    iterm2-discuss group.

    https://groups.google.com/forum/#!forum/iterm2-discuss

    For the full release notes for version 3.3, please
    see:
    https://iterm2.com/downloads/stable/iTerm2-3_3_0.changelog
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1078 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 23ms · UTC 22:55 · PVG 06:55 · LAX 14:55 · JFK 17:55
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.