An arbitrary code execution flaw was identified in the popular text editors Vim and Neovim. Security researcher Armin Razmjou discovered the vulnerability in older versions of the two applications.
In a tweet, Razmjou mentioned that the vulnerability was the result of a feature known as ‘modelines’ in the editors, which could enable attackers to execute arbitrary code and gain remote control over compromised systems.
Worth noting
How can you protect yourself?
In addition to pointing to the available patches, Razmjou has advised other countermeasures, such as disabling modelines, using a plugin called ‘securemodelines’, or disabling the ‘modelineexpr’ option in modelines.
Since Vim and Neovim are pre-installed on most Linux-based operating systems, Linux users are more prone to RCE attacks due to this flaw. Thus, they are advised to apply the patches available for the two applications.
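As an added example (not from the original article or from Razmjou), the Python sketch below triages a file for modelines that set expression-valued options, the kind of setting the ‘modelineexpr’ option governs. The option list, the five-line window and the regular expressions are assumptions based on Vim's documented modeline behaviour, and the sample text is constructed.

```python
import re

# Assumption: Vim reads modelines only from the first and last 'modelines' lines (default 5).
WINDOW = 5
# Assumed subset of expression-valued options (long and short names) gated by 'modelineexpr'.
EXPR_OPTS = {"foldexpr", "fde", "formatexpr", "fex", "includeexpr", "inex",
             "indentexpr", "inde", "foldtext", "fdt"}
# Approximates the modeline prefix: vi:, vim:, Vim:, ex:, optionally version-gated (vim>=800:).
PREFIX = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<>=]{0,2}\d+)?|ex):\s*(.*)$")


def modeline_options(line):
    """Return the option names set by a modeline on this line, or None if there is none."""
    m = PREFIX.search(line)
    if not m:
        return None
    rest = m.group(1)
    form2 = re.match(r"set?\s+(.*)", rest)
    if form2:
        # "vim: set opt opt=val:" form: options end at the first unescaped colon.
        body = re.split(r"(?<!\\):", form2.group(1), maxsplit=1)[0]
        tokens = body.split()
    else:
        # "vim: opt:opt=val" form: options are separated by whitespace or colons.
        tokens = re.split(r"(?<!\\)[:\s]+", rest)
    names = [re.match(r"[a-z]+", t) for t in tokens]
    return [n.group(0) for n in names if n]


def scan(text):
    """Return (line_number, expression options) for modelines inside the window Vim reads."""
    lines = text.splitlines()
    idx = sorted(set(range(min(WINDOW, len(lines)))) |
                 set(range(max(0, len(lines) - WINDOW), len(lines))))
    hits = []
    for i in idx:
        opts = modeline_options(lines[i]) or []
        risky = sorted(set(opts) & EXPR_OPTS)
        if risky:
            hits.append((i + 1, risky))
    return hits


# Constructed sample: a formatting-only modeline on line 1, an expression modeline on the last line.
SAMPLE = "# vim: set ts=4 sw=4 et:\n" + "data\n" * 10 + "# vim: fdm=expr:fde=MyFold()\n"

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A hit means the file asks the editor to evaluate an expression when opened, so it deserves review before being opened with modelines enabled.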