Unknown · Activitywatch · CVE-2021-32692
**Name of the Vulnerable Software and Affected Versions**
Activity Watch versions prior to 0.11.0
**Description**
Activity Watch is a free and open-source automated time tracker. The issue allows an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. This can be exploited by having the user visit a website with the page title set to a malicious string, with the web browser being the most likely attack vector.
**Recommendations**
For versions prior to 0.11.0, update to version 0.11.0 to resolve the issue.
As a temporary workaround, users can run the latest version of aw-watcher-window from source, or manually patch the `printAppTitle.scpt` file.