"Microsoft Flushes Out 'Ncurses' Gremlins"

The "ncurses" programming library contains multiple memory corruption vulnerabilities that allow attackers to target applications running in macOS, Linux, and FreeBSD. Microsoft researchers discovered the vulnerabilities in the library that provides Application Programming Interfaces (APIs) for text-based user interfaces and terminal applications. Researchers from the company's threat intelligence team described the vulnerabilities in a technical report as enabling data leaks, privilege escalation, and arbitrary code execution. After finding the vulnerabilities in the ncurses library, they teamed up with the library's maintainer, Thomas E. Dickey, and Apple to resolve the issues across platforms. Exploiting vulnerabilities in the ncurses library could significantly impact users, as attackers could perform malicious actions such as elevating privileges to execute code in the context of a targeted program and accessing and modifying valuable data and resources. This article continues to discuss the recently patched memory corruption vulnerabilities.

Dark Reading reports "Microsoft Flushes Out 'Ncurses' Gremlins"

Submitted by Gregory Rigby on