From Indirect Prompt Injection to DNS Exfiltration in macOS Terminal
This is a follow-up to my previous Terminal DiLLMa research, and there is a positive outcome: Apple fixed a macOS Terminal behavior that enabled a DNS-based data exfiltration technique.
DNS Requests via ANSI Escape CodesDavid Leadbeater originally discovered an interesting behavior in the macOS Terminal app that allowed a special sequence of ANSI escape codes to issue DNS requests.
In short, this triggered a DNS request from the macOS Terminal app: