Lambdanana

**Name of the Vulnerable Software and Affected Versions** Activity Watch versions prior to 0.11.0 **Description** Activity Watch is a free and open-source automated time tracker. The issue allows an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. This can be exploited by having the user visit a website with the page title set to a malicious string, with the web browser being the most likely attack vector. **Recommendations** For versions prior to 0.11.0, update to version 0.11.0 to resolve the issue. As a temporary workaround, users can run the latest version of aw-watcher-window from source, or manually patch the `printAppTitle.scpt` file.