Dylib Injection in Sublime Text

CRITICAL (9.8)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.06% chance of exploitation (percentile: 19%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

Sublime Text is a popular text editor used by developers and writers. In Sublime Text 3 Build 3208 or prior for macOS, this vulnerability allows an attacker to inject malicious code into the application's dynamic library (dylib), potentially leading to arbitrary code execution.

Am I affected?

You're affected if you use Sublime Text 3 Build 3208 or prior for macOS. Specific version information is not stated in the advisory. If you don't recognise this software, you're probably not affected.

How to fix

Upgrade to Sublime Text 3 Build 3209 or later from the official website: https://www.sublimetext.com/download.html

Immediate mitigations:

- Restrict network access to your Sublime Text instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation