首页   注册   登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
探索世界的好奇心万岁
Udacity
网易公开课
Godel, Escher, Bach: An Eternal Golden Braid
Heimo
V2EX  ›  分享发现

Mac 终端利器 iTerm2 被曝严重的 RCE 漏洞,至少已存在 7 年

  •  
  •   Heimo · 109 天前 · 817 次点击
    这是一个创建于 109 天前的主题,其中的信息可能已经有所发展或是发生改变。

    Freebuf 文章链接 https://www.freebuf.com/news/216278.html

    该漏洞影响于本周早些时候发布的 3.3.5 版本及之前版本。

    目前补丁已发布但自动更新尚未推送,建议用户立即在 iTerm2 目录中选择“检查新版本”手动更新至最新版本 3.3.6。

    第 1 条附言  ·  109 天前
    CVE-2019-9535
    Heimo
        1
    Heimo   109 天前
    3.3.6 版本部分 release notes

    iTerm2 version 3.3.6

    This build fixes a serious security issue. All
    users should upgrade.

    The Mozilla Foundation has generously sponsored a
    security audit of the iTerm2 source code. As part
    of this audit, a problem was discovered which
    could cause iTerm2 to issue commands in response
    to receiving certain input. This is a serious
    security issue because in some circumstances it
    could allow an attacker to execute commands on
    your machine when you view a file or otherwise
    receive input they have crafted in iTerm2.

    This issue has been assigned CVE-2019-9535.

    For more information, please visit the
    iterm2-discuss group.

    https://groups.google.com/forum/#!forum/iterm2-discuss

    For the full release notes for version 3.3, please
    see:
    https://iterm2.com/downloads/stable/iTerm2-3_3_0.changelog
    关于   ·   FAQ   ·   API   ·   我们的愿景   ·   广告投放   ·   感谢   ·   实用小工具   ·   1165 人在线   最高记录 5168   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.3 · 24ms · UTC 00:18 · PVG 08:18 · LAX 16:18 · JFK 19:18
    ♥ Do have faith in what you're doing.