Slashdot: Vim and Neo Editors Vulnerable To High-Severity Bug

Vim and Neo Editors Vulnerable To High-Severity Bug
Published on June 15, 2019 at 11:04PM
JustAnotherOldGuy quotes Threatpost: A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allow remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text file in either editor. Razmjou outlined his research and created a proof-of-concept (PoC) attack demonstrating how an adversary can compromise a Linux system via Vim or Neowim. He said Vim versions before 8.1.1365 and Neovim before 0.3.6 are vulnerable to arbitrary code execution... Vim and Neovim have both released patches for the bug (CVE-2019-12735) that the National Institute of Standards and Technology warns, "allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline." "Beyond patching, it's recommended to disable modelines in the vimrc (set nomodeline), to use the securemodelinesplugin, or to disable modelineexpr (since patch 8.1.1366, Vim-only) to disallow expressions in modelines," the researcher said.

Read more of this story at Slashdot.

Comments

Post a Comment

Popular posts from this blog

Slashdot: Apple's US iPhones Can All Be Made Outside of China If Needed

Image
Apple's US iPhones Can All Be Made Outside of China If Needed Published on June 11, 2019 at 07:30PM Apple has a backup plan if the U.S.-China trade war gets out of hand. From a report: The Cupertino, Calif.-based company's primary manufacturing partner has enough capacity to make all iPhones bound for the U.S. outside of China if necessary, according to a senior executive at Hon Hai Precision Industry Co. The Taiwanese contract manufacturer now makes most of the smartphones in the Chinese mainland. China is a crucial cog in Apple's business, the origin of most of its iPhones and iPads as well as its largest international market. But President Donald Trump has threatened Beijing with new tariffs on about $300 billion worth of Chinese goods, an act that would escalate tensions dramatically while levying a punitive tax on Apple's most profitable product. Hon Hai, known also as Foxconn, is the American giant's most important manufacturing partner. It will fully support ...
Read more

Slashdot: 7,000 Developers Report Their Top Languages: Java, JavaScript, and Python

Image
7,000 Developers Report Their Top Languages: Java, JavaScript, and Python Published on June 17, 2019 at 04:04PM "JetBrains released its State of Developer Ecosystem 2019 report, which found while Java is still the most popular primary language and JavaScript is the most used overall, Python is gaining speed," reports SD Times: The report surveyed about 7,000 developers worldwide, and revealed Python is the most studied programming language, the most loved language, and the third top primary programming language developers are using... The top use cases developers are using Python for include data analysis, web development, machine learning and writing automation scripts, according to the JetBrains report. More developers are also beginning to move over to Python 3, with 9 out of 10 developers using the current version. The JetBrains report also found while Go is still a young language, it is the most promising programming language. "Go started out with a share of 8% in 2...
Read more

Slashdot: In Stores, Secret Surveillance Tracks Your Every Move

Image
In Stores, Secret Surveillance Tracks Your Every Move Published on June 15, 2019 at 01:40AM In retail stores, Bluetooth "beacons" are watching you, using hidden technology in your phone. From a report: Imagine you are shopping in your favorite grocery store. As you approach the dairy aisle, you are sent a push notification in your phone: "10 percent off your favorite yogurt! Click here to redeem your coupon." You considered buying yogurt on your last trip to the store, but you decided against it. How did your phone know? Your smartphone was tracking you. The grocery store got your location data and paid a shadowy group of marketers to use that information to target you with ads. Recent reports have noted how companies use data gathered from cell towers, ambient Wi-Fi, and GPS. But the location data industry has a much more precise, and unobtrusive, tool: Bluetooth beacons. These beacons are small, inobtrusive electronic devices that are hidden throughout the grocery...
Read more