Hackers Can Abuse Text Editors for Privilege Escalation

March 15, 2018

Several popular text editors can be leveraged for privilege escalation and their developers do not plan on taking any action to prevent abuse, according to SafeBreach, a company that specializes in simulating attacks and breaches.

Some text editors allow users to run third-party code and extend the application’s functionality through extensions. While this provides some benefits, an expert determined that it can also introduce security risks.

SafeBreach researcher Dor Azouri has analyzed the Sublime, Vim, Emacs, Gedit, pico and nano text editors, and found that only pico and its clone, nano, are not prone to abuse, mainly due to the fact that they offer only limited extensibility.

