Find Outdated iTerm 2 Installation in Your Network
A new vulnerability has been disclosed for the popular macOS terminal emulator iTerm2. Mozilla Open Source Support Program (MOSS) discovered the vulnerability after investigating iTerm 2 due to its popularity and usage of untrusted data. MOSS discovered a remote command execution vulnerability (CVE-2019-9535). You can get more details about the vulnerability in the iTerm 2 vulnerability blog post.
The audit below lets you quickly identify Macs in your environment with an outdated iTerm2 version. This gives you an overview of how many devices are affected and you can monitor the update process to ensure your environment is fully patched.
iTerm 2 Vulnerability Audit Query
Select Top 1000000 tblAssets.AssetID, tblAssets.AssetName, tblAssets.Domain, tsysAssetTypes.AssetTypeIcon10 As icon, tblAssets.IPAddress, tblSoftwareUni.softwareName As Software, tblMacApplications.Version As Version, Case When tblMacApplications.Version = '3.3.6' Then 'Up to date' Else 'Out of date' End As [Patch Status], tsysIPLocations.IPLocation, tblAssetCustom.Manufacturer, tblAssetCustom.Model, tblMacOSInfo.SystemVersion As OS, tblAssets.Lastseen, tblAssets.Lasttried, tblMacApplications.LastChanged, Case When tblMacApplications.Version = '3.3.6' Then '#d4f4be' Else '#ffadad' End As backgroundcolor From tblAssets Inner Join tblMacOSInfo On tblMacOSInfo.AssetID = tblAssets.AssetID Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID Inner Join tblState On tblState.State = tblAssetCustom.State Inner Join tblMacApplications On tblAssets.AssetID = tblMacApplications.AssetID Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblMacApplications.softid Where tblSoftwareUni.softwareName = 'iTerm' And tblState.Statename = 'Active' Order By tblAssets.IPNumeric, tblAssets.Domain, tblAssets.AssetName, Software