The ncurses (short for new curses) programming library has a collection of memory corruption vulnerabilities that might be used by threat actors to execute malicious code on susceptible Linux and macOS systems.
As of April 2023, the vulnerabilities—collectively recorded as CVE-2023-29491, with a CVSS score of 7.8—had been fixed. Microsoft claimed to have collaborated with Apple to resolve the macOS-specific problems associated with these vulnerabilities.
Â
Researchers from Microsoft Threat Intelligence Jonathan Bar Or, Emanuele Cozzi, and Michael Pearse stated in a technical report released today that “attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program’s context or perform other malicious actions” by using environment variable poisoning.
(Score: 5) - 4.1/5
4.1/5