Techly NewsGet the app

Get the latest tech news

Abusing url handling in iTerm2 and Hyper for code execution


What are escape sequences

These escape sequences are specially treated by terminal emulators to generate colors, cursor styles, cliboard access and even*wink* hyperlinks! over time and now mostly show a pop up to open external programs if a link uses non-standard url schemes like ssh://, ftp://, x-man-page:// etc. This was disclosed to Docker in August last year but is still unpatched and in combination with other vulnerabilities in terminal emulators may be leveraged as an easy attach vector to abuse.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of hyper

hyper

Photo of code execution

code execution

Photo of iTerm2

iTerm2

Related news:

News photo

iTerm2 and AI Hype Overload

News photo

R language flaw allows code execution via RDS/RDX files

News photo

The hyper-clouds are open source's friends

« I want flexible queries, not RAG
The prospects for 128 bit processors (John R. Mashey, 1995) »