CVE-2021-32692

Name of the Vulnerable Software and Affected Versions Activity Watch versions prior to 0.11.0

Description Activity Watch is a free and open-source automated time tracker. The issue allows an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. This can be exploited by having the user visit a website with the page title set to a malicious string, with the web browser being the most likely attack vector.

Recommendations For versions prior to 0.11.0, update to version 0.11.0 to resolve the issue. As a temporary workaround, users can run the latest version of aw-watcher-window from source, or manually patch the printAppTitle.scpt file.