iTerm2 fixes critical SSH security flaw, and urges users to update immediately to v3.5.11


iTerm2, a prominent terminal emulator for macOS, has released version 3.5.11, addressing a critical security flaw. This update is highly recommended for immediate installation. The flaw involved a bug in the SSH integration feature, which led to input and output being logged to a file, /tmp/framer.txt, on the remote host. This file could potentially be accessed by other users on the host.

The issue manifests when two conditions are both met. First, SSH integration was in use, either through the it2ssh command or because the SSH option was selected in the command popup menu under Settings > Profiles > General. Second, the remote host has Python 3.7 or later in its default path. Users who utilized the SSH integration feature in versions 3.5.6 through 3.5.10, including beta versions, may be affected.

Affected users should upgrade to version 3.5.11 immediately and remove the /tmp/framer.txt file from every affected remote host. The developer has expressed regret over this oversight and assured users that the logging code has been removed and will not be reintroduced in future releases.
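The cleanup step above can be scripted per host. The following is an added example, not code from iTerm2 or from this article: it reports whether the leftover log was readable by other accounts before deleting it. The path is the one named in the advisory; the function name, return codes, output format and the `audit_framer.sh` file name are assumptions.

```shell
#!/bin/sh
# Added example, not iTerm2 code. The path is from the advisory; the function
# name, return codes and output format are assumptions made for illustration.
FRAMER_LOG_DEFAULT="/tmp/framer.txt"

# audit_framer_log [PATH]
# Prints one status line. Returns 0 = absent, 1 = found and removed,
# 2 = found but left in place (not a regular file, or removal failed).
audit_framer_log() {
    f="${1:-$FRAMER_LOG_DEFAULT}"

    # -L also catches a dangling symlink, which -e alone reports as missing.
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo "absent: $f"
        return 0
    fi

    # /tmp is shared: never follow a symlink or touch a directory/device here.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "skipped: $f is not a regular file, inspect manually"
        return 2
    fi

    # ls -ln fields 1, 3, 5 (mode, numeric uid, size) are the same on GNU and BSD.
    meta=$(ls -ln "$f" | awk '{print $1, $3, $5}')
    set -- $meta
    mode=$1 uid=$2 size=$3

    # Character 8 of the mode string is "other read", character 5 "group read".
    case "$mode" in
        ???????r*) exposure="world-readable" ;;
        ????r*)    exposure="group-readable" ;;
        *)         exposure="owner-only" ;;
    esac

    if rm -f -- "$f" && [ ! -e "$f" ]; then
        echo "removed: $f mode=$mode uid=$uid size=$size exposure=$exposure"
        return 1
    fi
    echo "failed: could not remove $f (mode=$mode uid=$uid)"
    return 2
}

# Run the audit only when asked, e.g.  sh audit_framer.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_framer_log
    exit $?
fi
```

An `exposure=world-readable` or `exposure=group-readable` result means other accounts on that host were able to read the logged input and output while the file existed.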

by Paul


iTerm2 is a terminal emulator designed for macOS versions 10.10 and newer, serving as a modern alternative to the traditional Terminal and succeeding iTerm. It introduces advanced features such as Python support, SSH capabilities, and integrated search. Rated 5, iTerm2 is often compared with alternatives like ConEmu, Hyper, and Tabby Terminal.
