E-Ink News Daily

Back to list

MAD Bugs: Even "cat readme.txt" is not safe

Lobsters
BLblog.calif.io via ahobson
7.0/10

Researchers discovered a critical vulnerability in iTerm2's SSH integration feature where even basic commands like 'cat readme.txt' can lead to arbitrary code execution. The exploit abuses terminal escape sequences in the conductor protocol, turning normal terminal output into malicious commands. This finding was part of an AI-assisted security research partnership with OpenAI.

Background

iTerm2 is a popular terminal emulator for macOS that includes advanced features like SSH integration, which uses a helper script called 'conductor' to enable richer remote session management through terminal escape sequences.

Source
Lobsters
Published
Apr 18, 2026 at 10:58 PM
Score
7.0 / 10
securityterminalvulnerabilityiterm2
Read Original