hackers abusing text editors for privilege escalation

-
some text editors allow 3rd party code to run as a extensions to the application, this provides some benefits but also can be a security risk. a researcher named dor azouri looked at some programs called sublime , vim , emacs , gedit and pico and found that half allow this privilege escalation. for example if i am an system admin and i restrict privileges to certain applications or permissions. these editors allow me to bypass by adding a few lines of code which starts the programs. you can read more on this article.

https://www.securityweek.com/hackers-can-abuse-text-editors-privilege-escalation

Comments

Post a Comment

Popular posts from this blog

hackers awarded $267k at pwn2own 2k18

-
white hat hackers earn money from big companies that sponsor attacks to find exploits in edge , apple safari , virtual box and firefox. first day a hacker called rich zhu earned 70k from an attack on edge , another hacker received $65k for hacking safari. the second day of these events Zhu hacked firefox and earned 120k for his efforts. that right thier was some easy money. if you asked me. MWR also earned 55k for a safari sandbox escape exploit. the highest prizes at this event was from microsoft which offered  $150k for hyper v exploits, 100k for outlook exploits and windows smd 100k. you can read more on this link below. thanks https://www.securityweek.com/hackers-awarded-267000-pwn2own-2018
Read more