An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
With this tool, we can check if the App is Vulnerable:
After validation, we can inject our code, and get a shell