Ncurses, short for “new curses,” is a programming library that contains a number of memory corruption problems that could be used by threat actors to execute malicious code on Linux and macOS systems.
Researchers from Microsoft Threat Intelligence Jonathan Bar Or, Emanuele Cozzi, and Michael Pearse wrote in a technical report released today: “Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the context of the targeted program or perform other malicious actions.”