On the 7th of March 2017, WikiLeaks published what is quite possibly the biggest data leak ever about the CIA, in a series of documents code-named “Vault 7”. These documents detail the existence of a huge cyber espionage campaign and also show how the agency used zero-day security flaws in Windows, macOS, iPhones, Linux, and Android devices. Several other popular software packages are named as well, including Notepad++ and the video player VLC.
VLC has issued an official statement regarding this topic, while Notepad++ has released patches, as its name was first on the list of software used by the CIA to target Windows users.
In its official blog post Notepad++ said the following:
“The issue of a hijacked DLL concerns scilexer.dll on a compromised PC, which is then replaced by a modified scilexer.dll built by the CIA. When Notepad++ is launched, the modified scilexer.dll is loaded first instead of the original one installed by the creators.
It does not mean that the CIA is interested in knowing your coding skill or in your sex message content in Notepad++, but rather that they prevent raising any red flags while their DLL does the data collection in the background.
It’s not a security issue or vulnerability in Notepad++, but to cure this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before it is actually loaded. If the certificate is found missing, then Notepad++ will fail to launch.
Just like knowing the lock is useless for those people who are willing to get into my house, I still shut the door and lock it every morning when I leave home. We are in a f**king corrupted world, unfortunately.
Otherwise, there are a lot of enhancements and bug fixes which improve your Notepad++ experience. For the detailed change log, please check the Download page.”
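The check described in the statement can also be run from outside the application. The following PowerShell audit is an added example, not code from Notepad++ or its blog post; the function name `Test-SciLexerSignature` and the placeholder install path are hypothetical, and it assumes the vendor signs notepad++.exe and scilexer.dll with the same certificate.

```powershell
# Added example: audit the Authenticode signature of scilexer.dll.
# Assumption: notepad++.exe and scilexer.dll are signed with the same certificate.
function Test-SciLexerSignature {
    [CmdletBinding()]
    param(
        # Directory containing notepad++.exe (supplied by the caller).
        [Parameter(Mandatory)]
        [string]$InstallDir
    )

    $exePath = Join-Path $InstallDir 'notepad++.exe'
    $dllPath = Join-Path $InstallDir 'scilexer.dll'

    foreach ($p in $exePath, $dllPath) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "Missing file: $p"
        }
    }

    $exeSig = Get-AuthenticodeSignature -LiteralPath $exePath
    $dllSig = Get-AuthenticodeSignature -LiteralPath $dllPath

    # 'Valid' means the file hash matches the signature and the chain is trusted.
    # A replaced or patched DLL shows up as NotSigned, HashMismatch or NotTrusted.
    $dllValid = $dllSig.Status -eq 'Valid'
    $exeValid = $exeSig.Status -eq 'Valid'

    # A validly signed DLL from an unrelated signer is still not the shipped one,
    # so the signer is compared with the executable's signer.
    $sameSigner = $dllValid -and $exeValid -and
        ($dllSig.SignerCertificate.Thumbprint -eq $exeSig.SignerCertificate.Thumbprint)

    [pscustomobject]@{
        Dll        = $dllPath
        DllStatus  = $dllSig.Status
        DllSigner  = if ($dllSig.SignerCertificate) { $dllSig.SignerCertificate.Subject } else { $null }
        ExeStatus  = $exeSig.Status
        DllSha256  = (Get-FileHash -LiteralPath $dllPath -Algorithm SHA256).Hash
        SameSigner = $sameSigner
    }
}

# Placeholder path: replace with the real install directory.
Test-SciLexerSignature -InstallDir 'C:\path\to\Notepad++' | Format-List
```

A result with `SameSigner` set to `False` means the DLL on disk is not the one that shipped with the executable and the machine should be treated as compromised, in line with the statement's premise that the replacement happens on an already compromised PC.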