iTerm 2 Vulnerability Audit

Find Outdated iTerm 2 Installation in Your Network

A new vulnerability has been disclosed for the popular macOS terminal emulator iTerm2. Mozilla Open Source Support Program (MOSS) discovered the vulnerability after investigating iTerm 2 due to its popularity and usage of untrusted data. MOSS discovered a remote command execution vulnerability (CVE-2019-9535). You can get more details about the vulnerability in the iTerm 2 vulnerability blog post.

The audit below lets you quickly identify Macs in your environment with an outdated iTerm2 version. This gives you an overview of how many devices are affected and you can monitor the update process to ensure your environment is fully patched.

iTerm 2 Vulnerability audit

iTerm 2 Vulnerability Audit Query

Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tblSoftwareUni.softwareName As Software,
  tblMacApplications.Version As Version,
  Case
    When tblMacApplications.Version = '3.3.6' Then 'Up to date'
    Else 'Out of date'
  End As [Patch Status],
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblMacOSInfo.SystemVersion As OS,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblMacApplications.LastChanged,
  Case
    When tblMacApplications.Version = '3.3.6' Then '#d4f4be'
    Else '#ffadad'
  End As backgroundcolor
From tblAssets
  Inner Join tblMacOSInfo On tblMacOSInfo.AssetID = tblAssets.AssetID
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblMacApplications On
    tblAssets.AssetID = tblMacApplications.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblMacApplications.softid
Where tblSoftwareUni.softwareName = 'iTerm' And tblState.Statename = 'Active'
Order By tblAssets.IPNumeric,
  tblAssets.Domain,
  tblAssets.AssetName,
  Software

Audit and Take Action in 3 Easy Steps

Download-Install-Lansweeper

1. Download & Install Lansweeper

Save-and-Run-the-Report

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting