Severe Security Flaw in Mac App Gets Fixed

A security update for Apple’s iTerm2 was released yesterday to address a flaw that could have been a huge privacy issue for the popular Mac application.

The newest version, 3.1.1, disables a feature that allowed iTerm2 to determine whether a word is a valid URL by making a DNS request to check whether the domain exists. However, the feature was found to also leak passwords and other sensitive information that the user moused over.

Dutch developer Peter van Dijk reported the issue to iTerm2’s maintainer, George Nachman, who fixed the problem right away. Nachman issued an apology, saying that he failed to give the feature enough thought and that he would be more careful in the future.


Source: Bleeping Computer

