A 7-year-old critical remote code execution vulnerability has been discovered in Mac’s terminal emulator app. The vulnerability resides in the tmux integration feature of iTerm2, which, if exploited, could allow an attacker to execute arbitrary commands. The flaw can also be triggered using command-line utilities by tricking them into printing attacker-controlled content. It has been patched with the release of Mac’s Terminal app 3.3.6, which users can download manually or check for updates within your installed apps menu.
Source: https://thehackernews.com/2019/10/iterm2-macos-terminal-rce.html