AI-Assisted Discovery: Claude AI Uncovers RCE Flaws in Vim and Emacs

AI red teaming has revealed critical vulnerabilities in the widely used text editors **Vim** and **GNU Emacs**. A researcher leveraged the **Claude** AI assistant to identify remote code execution (RCE) flaws that can be triggered simply by opening a malicious file.

These vulnerabilities highlight the evolving landscape of cybersecurity threats and the potential for AI to aid in both offensive and defensive security practices.

### Vim RCE Vulnerability and Patch

**Hung Nguyen**, a researcher at **Calif**, an AI red teaming and security engineering firm, tasked **Claude** with finding a zero-day RCE vulnerability in **Vim** that could be exploited by opening a file. The AI assistant successfully identified weaknesses in **Vim's** modeline handling. Modelines are configurations embedded at the beginning of a file that instruct **Vim** on how to handle it.

The vulnerability allowed arbitrary code execution by bypassing sandbox restrictions. This affects **Vim** versions 9.2.0271 and earlier.

**Nguyen** reported the issue, and the **Vim** maintainers promptly released a patch in version 9.2.0272. According to the security bulletin, an attacker could achieve arbitrary command execution with the privileges of the user running **Vim** by delivering a crafted file.

### GNU Emacs Vulnerability: A Git Dependency Issue

The vulnerability discovered in **GNU Emacs** remains unpatched, as the maintainers consider it the responsibility of **Git** to address. The problem arises from **GNU Emacs's** version control integration (vc-git). Opening a file triggers **Git** operations via `vc-refresh-state`, causing **Git** to read the `.git/config` file. This can lead to the execution of a user-defined `core.fsmonitor` program, enabling arbitrary command execution.

An attack scenario involves an archive containing a hidden `.git/` directory with a config file pointing to an executable script. When a user extracts the archive and opens a text file, the malicious payload executes without any visible indicators on the default **GNU Emacs** configuration.

While the **GNU Emacs** maintainers argue that the vulnerability lies within **Git**, the risk to users remains because the editor automatically runs **Git** on untrusted directories without proper sanitization or user consent.

**Nguyen** suggested that **GNU Emacs** could modify **Git** calls to explicitly block `core.fsmonitor`, preventing automatic execution of dangerous scripts when opening a file.

Until a patch is released, **GNU Emacs** users are advised to exercise extreme caution when opening files that come from unknown sources or were downloaded from the internet.
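
One way to act on that advice is to inspect an extracted archive for repository configuration before opening anything in it. The following is an added example, not code from the researcher, Emacs or Git: it walks a directory tree, parses each `.git/config`, and reports any `core.fsmonitor` value that names a program, plus `include` paths it does not follow. The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# "[section]" or '[section "sub"]', optionally followed by a key on the same line.
SECTION = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"[^"]*")?\s*\]\s*(.*)$')
# Boolean spellings: for core.fsmonitor these do not name an external program.
BOOLS = {"", "true", "false", "yes", "no", "on", "off", "1", "0"}

def parse_git_config(text):
    """Yield (section, key, value) triples; section and key names are lowercased."""
    section = ""
    for raw in text.replace("\\\n", "").splitlines():  # join continued lines
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section, line = m.group(1).lower(), m.group(2).strip()
        if not line or line[0] in "#;":
            continue
        key, _, value = line.partition("=")
        yield section, key.strip().lower(), value.strip().strip('"')

def scan_tree(root):
    """Return [(config_path, reason)] for each .git/config under root needing review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != ".git" or "config" not in files:
            continue
        path = os.path.join(dirpath, "config")
        with open(path, encoding="utf-8", errors="replace") as fh:
            for section, key, value in parse_git_config(fh.read()):
                if (section, key) == ("core", "fsmonitor") and value.lower() not in BOOLS:
                    findings.append((path, f"core.fsmonitor runs: {value}"))
                elif section in ("include", "includeif") and key == "path":
                    findings.append((path, f"include not followed: {value}"))
    return findings

def build_sample_tree():
    """Constructed sample: one flagged and one clean repository in a temp directory."""
    root = tempfile.mkdtemp()
    samples = {
        "unpacked/.git/config": '[core]\n\tbare = false\n\tFSMonitor = "./placeholder-hook.sh"\n',
        "clean/.git/config": "[core]\n\tfsmonitor = false\n[user]\n\tname = x\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path))
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root
```

Calling `scan_tree(build_sample_tree())` returns one finding, for the `unpacked` repository; an empty list only means no `.git/config` under the root sets `core.fsmonitor` to a program or pulls in another file.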