Ncurses, short for “new curses,” is a programming library that contains a number of memory corruption problems that could be used by threat actors to execute malicious code on Linux and macOS systems.
Researchers from Microsoft Threat Intelligence Jonathan Bar Or, Emanuele Cozzi, and Michael Pearse wrote in a technical report released today: “Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the context of the targeted program or perform other malicious actions.”
As of April 2023, the vulnerabilities, collectively tracked as CVE-2023-29491 (CVSS score of 7.8), have been fixed. Microsoft claimed that it also collaborated with Apple to fix the macOS-specific problems caused by these weaknesses read more Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems.
Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.