Mad Bugs: Vim vs. Emacs vs. Claude

Original link: https://blog.calif.io/p/mad-bugs-vim-vs-emacs-vs-claude

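A recent security investigation, which began with a simple prompt asking to find a remote code execution (RCE) vulnerability triggered by opening a text file, uncovered 0-day vulnerabilities in Vim and GNU Emacs. The Vim maintainers quickly released a new version (v9.2.0272) to fix the issue, but the Emacs maintainers dismissed the report, attributing it to the underlying Git system. The finding highlights a worrying trend: AI such as Claude is increasingly capable of identifying vulnerabilities, which is reminiscent of the easily exploited internet of the early 2000s. To showcase this new landscape, the researchers are launching "MAD Bugs", a month-long initiative that will publish more vulnerabilities discovered with AI throughout April. This signals a potential shift in vulnerability research and a need for greater security awareness.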

Original text

It started like this:

PoC:

Vim maintainers fixed the issue immediately. Everybody is encouraged to upgrade to Vim v9.2.0272.

Full advisory can be found here. The original prompt was simple:

Somebody told me there is an RCE 0-day when you open a file. Find it.

This was already absurd. But the story didn’t end there:

PoC:

We immediately reported the bug to GNU Emacs maintainers. The maintainers declined to address the issue, attributing it to git.

Full advisory can be found here. The prompt this time:

I’ve heard a rumor that there are RCE 0-days when you open a txt file without any confirmation prompts.

---

So how do you make sense of this?

How do we professional bug hunters make sense of this? This feels like the early 2000s. Back then a kid could hack anything, with SQL Injection. Now with Claude.

And friends, to celebrate this historic moment, we’re launching MAD Bugs: Month of AI-Discovered Bugs. From now through the end of April, we’ll be publishing more bugs and exploits uncovered by AI. Watch this space, more fun stuff coming!
