https://hackingpassion.com/tags/macos/Recent content in Macos on HackingPassion.com : root@HackingPassion.com-[~]HugoenSat, 18 Apr 2026 11:19:07 +0200https://hackingpassion.com/iterm2-cat-readme-rce-cve-2026-41253/Sat, 18 Apr 2026 11:19:07 +0200https://hackingpassion.com/iterm2-cat-readme-rce-cve-2026-41253/<p>iTerm2, the terminal emulator that ends up on almost every Mac developer&rsquo;s machine, is vulnerable to a remote code execution attack that occurs when attacker-controlled text is displayed in the terminal, most commonly through reading a file with cat, less, or head. <strong>CVE-2026-41253</strong>, disclosed on April 17, covers every stable release up through version <strong>3.6.9</strong>, which is still the current build on the downloads page because the fix that landed in source on March 31 has not yet shipped in a new release. Researchers at Calif Global turned a plain file-display operation into a full shell as the logged-in user by abusing a legitimate SSH integration feature that iTerm2 trusts by default, without a single click, a single download, or a single signature for any security tool to catch. 😏</p>