The Latest in IT Security

Researchers Show How Popular Text Editors Can Be Attacked Via Third-Party Plugins


Program code on a monitor

Security risks in popular extensible text editors allow hackers to abuse plugins and escalate privileges on targeted systems, according to new research from SafeBreach. Inadequate separation of regular and elevated access modes used in editors and a lack of folder permissions integrity allow attackers to achieve execution of arbitrary code from regular user permissions.

A Mar.15 report from SafeBreach details the research of Dor Azouri, who looked at five notable text editors that offer the benefits of extensibility. By loading plugins for Sublime, Vim, Emacs, Gedit, and pico/nano– the most popular editors with third-party plugins for the UNIX environments, Azouri successfully leveraged each text editor for privilege escalation through simulated attacks.

Read More

Leave a reply


SUNDAY, MAY 09, 2021

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments