ITerm2 is one of the most popular terminal emulators in the world, and frequently used by developers. Mozilla is an open source company, and the funding MOSS provides is one of the key ways that we continue to ensure the open source ecosystem is healthy and secure. Track III of MOSS - created in the wake of the 2014 Heartbleed vulnerability - supports security audits for widely used open source technologies like iTerm2.
All users of iTerm2 should update immediately to the latest version (3.3.6) which has been published concurrent with this blog post.įounded in 2015, MOSS broadens access, increases security, and empowers users by providing catalytic support to open source technologists.
After finding the vulnerability, Mozilla, Radically Open Security (ROS, the firm that conducted the audit), and iTerm2’s developer George Nachman worked closely together to develop and release a patch to ensure users were no longer subject to this security threat. A security audit funded by the Mozilla Open Source Support Program (MOSS) has discovered a critical security vulnerability in the widely used macOS terminal emulator iTerm2.