Advanced text editors for Unix and Linux systems are vulnerable to a critical privilege escalation flaw that could be exploited by attackers to run malicious code on a victims’ machines. The issue resides in the way these text editors load plugins for these editors. Their folder permissions integrity is not maintained correctly, which opens the door for attackers with regular user permissions to elevate their privileges and execute arbitrary code on the user’s machine. Users should avoid loading 3rd-party plugins when the editor is elevated and deny write permissions for non-elevated users.
Source: https://thehackernews.com/2018/03/text-editors-extensibility.html