Following a recent string of attacks that exploit flawed plugins, researchers at SafeBreach examined 6 popular extensible text editors for Unix systems.
Most modern text editors let users extend their functionality with third-party plugins, which enlarges their attack surface.
Third-party plugins may contain vulnerabilities that attackers can exploit to target our systems.
The situation is particularly severe when the flaw affects a plugin for popular software such as WordPress or Windows’ extensions for Chrome, Firefox or Photoshop.
Dor Azouri, a researcher at SafeBreach, analyzed several popular extensible text editors for both Unix and Linux systems and discovered that, except for pico/nano, all of them are affected by a critical privilege escalation flaw.
....
....
....
....