An issue in Loom through 0.196.1 on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
With this tool, we can check if the App is Vulnerable:
After validation, we can inject our code, and get a shell
Enjoy Your Shell :)