Common Hacker Tool Hit with Hackable Vulnerability

  /     /     /  
Publicated : 23/11/2024   Category : security


Common Hacker Tool Hit with Hackable Vulnerability


A researcher has found a significant exploit in one of the most frequently used text editors.



Security researcher Arminius has discovered a hackable vulnerability and exploit in Vim, arguably the most commonly used text editor among developers, hackers, and system engineers.
Vim
is generally included as vi in most Unix and MacOS distributions. The vulnerability takes advantage of a vim feature called
modeline
, which is typically used to create custom settings for the way text or formatting will be handled in a file, for a project, or for all occasions of the editors use.
In the exploit, a particular text string can be entered that causes the editor to accept arbitrary code and execute it outside of the sandbox in which most modeline commands are executed, regardless of whether that code has anything to do with the editor. The exploit is possible because, in many implementations, modeline is enabled by default, regardless of whether the system owner is using the feature.
The vulnerability has been patched in Vim patch 8.1.1365 and a Neovim patch (released in v0.3.6), but Arminius recommends that users explicitly disable modeline on their systems.
Read more 
here
 and
here


Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Common Hacker Tool Hit with Hackable Vulnerability