@nprofile1q... What I find more interesting than how the exploit works is the decision to release this post although there is no release of iTerm that isn't vulnerable. They argue that the fix commit [1] is public, and that LLMs could write an exploit trivially easily just from that, so it is "okay" to publish their findings, including an updated exploit that works around the fix commit. Not very "responsible" of them.