Find Outdated iTerm 2 Installation in Your Network
A new vulnerability has been disclosed for the popular macOS terminal emulator iTerm2. Mozilla Open Source Support Program (MOSS) discovered the vulnerability after investigating iTerm 2 due to its popularity and usage of untrusted data. MOSS discovered a remote command execution vulnerability (CVE-2019-9535). You can get more details about the vulnerability in the iTerm 2 vulnerability blog post.
The audit below lets you quickly identify Macs in your environment with an outdated iTerm2 version. This gives you an overview of how many devices are affected and you can monitor the update process to ensure your environment is fully patched.
iTerm 2 Vulnerability Audit Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblMacApplications.Version As Version,
Case
When tblMacApplications.Version = '3.3.6' Then 'Up to date'
Else 'Out of date'
End As [Patch Status],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblMacOSInfo.SystemVersion As OS,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblMacApplications.LastChanged,
Case
When tblMacApplications.Version = '3.3.6' Then '#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblAssets
Inner Join tblMacOSInfo On tblMacOSInfo.AssetID = tblAssets.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblMacApplications On
tblAssets.AssetID = tblMacApplications.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblMacApplications.softid
Where tblSoftwareUni.softwareName = 'iTerm' And tblState.Statename = 'Active'
Order By tblAssets.IPNumeric,
tblAssets.Domain,
tblAssets.AssetName,
Software
