Security risks in popular extensible text editors allow hackers to abuse plugins and escalate privileges on targeted systems, according to new research from SafeBreach. Inadequate separation of regular and elevated access modes used in editors and a lack of folder permissions integrity allow attackers to achieve execution of arbitrary code from regular user permissions.
A Mar.15 report from SafeBreach details the research of Dor Azouri, who looked at five notable text editors that offer the benefits of extensibility. By loading plugins for Sublime, Vim, Emacs, Gedit, and pico/nano– the most popular editors with third-party plugins for the UNIX environments, Azouri successfully leveraged each text editor for privilege escalation through simulated attacks.
Leave a reply