MAD Bugs: Even "cat readme.txt" is not safe
Summary
A security write-up details a high risk vulnerability in iTerm2's SSH integration that allows untrusted terminal output to impersonate the remote conductor via forged DCS and OSC sequences, enabling arbitrary code execution under certain conditions. The article explains the background, the PTY mechanism, the exploit flow, and how to reproduce it, highlighting the risk for users relying on iTerm2's SSH integration.