Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I was gonna ask if Terminal never had any security issues, then tried to find a page with its release notes, and unfortunately couldn't find anything.

I also tried different macOS release notes [1][2][3][4], doing ctrl F "terminal" and could't find anything either.

Does anyone know where this is published? Is it not publicly available?

[1] https://developer.apple.com/documentation/macos-release-note...

[2] https://support.apple.com/en-us/120283

[3] https://support.apple.com/en-in/109035

[4] https://support.apple.com/en-us/106337



There definitely have been CVEs in Terminal.app, over many years:

- https://www.cve.org/CVERecord?id=CVE-2008-0042

- https://www.cve.org/CVERecord?id=CVE-2002-1898

- https://infocon.org/cons/Disobey/Disobey%202017/Mikko%20Kent... [video, I can't find a reference to that in Apple's release notes]

- There is also https://seclists.org/oss-sec/2018/q1/216 -- which led to a vague credit for Federico Bento in https://support.apple.com/en-ng/103758 proving they don't give everything CVEs (fine, but when the issue is public already it would be helpful to have a bit more detail).

I reported https://dgl.cx/2023/09/ansi-terminal-security#apple-terminal... to Apple ~2 years ago and they still haven't fixed it. It's not as serious as some vulnerabilities though and likely doesn't deserve a CVE, would be nice if they fixed it though.

(Finding this can be hard because Apple only link to release notes for currently supported versions, the pages are still around if you know the URL or you can find them via searches if they happen to be indexed still.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: