The Latest in IT Security

Researchers Show How Popular Text Editors Can Be Attacked Via Third-Party Plugins

19
Mar
2018
Researchers Show How Popular Text Editors Can Be Attacked Via Third-Party Plugins

Program code on a monitor

Security risks in popular extensible text editors allow hackers to abuse plugins and escalate privileges on targeted systems, according to new research from SafeBreach. Inadequate separation of regular and elevated access modes used in editors and a lack of folder permissions integrity allow attackers to achieve execution of arbitrary code from regular user permissions.

A Mar.15 report from SafeBreach details the research of Dor Azouri, who looked at five notable text editors that offer the benefits of extensibility. By loading plugins for Sublime, Vim, Emacs, Gedit, and pico/nano– the most popular editors with third-party plugins for the UNIX environments, Azouri successfully leveraged each text editor for privilege escalation through simulated attacks.

Read More

Leave a reply


Categories

TUESDAY, APRIL 24, 2018

Featured

Archives

Latest Comments

Social Networks