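Freebuf article link: https://www.freebuf.com/news/216278.html
The vulnerability affects version 3.3.5, released earlier this week, and all earlier versions.
A patch has been released, but the automatic update has not been pushed yet. Users are advised to select "Check for Updates" in the iTerm2 menu right away and manually update to the latest version, 3.3.6.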
Heimo OP Partial release notes for version 3.3.6
iTerm2 version 3.3.6

This build fixes a serious security issue. All users should upgrade.

The Mozilla Foundation has generously sponsored a security audit of the iTerm2 source code. As part of this audit, a problem was discovered which could cause iTerm2 to issue commands in response to receiving certain input. This is a serious security issue because in some circumstances it could allow an attacker to execute commands on your machine when you view a file or otherwise receive input they have crafted in iTerm2. This issue has been assigned CVE-2019-9535.

For more information, please visit the iterm2-discuss group. https://groups.google.com/forum/#!forum/iterm2-discuss

For the full release notes for version 3.3, please see: https://iterm2.com/downloads/stable/iTerm2-3_3_0.changelog