An issue in Loom through 0.196.1 on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

With this tool, we can check if the App is Vulnerable:

After validation, we can inject our code, and get a shell

Enjoy Your Shell :)