Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit called Curing that uses io_uring, a Linux asynchronous I/O interface, to evade conventional system call monitoring.
This results in a “significant gap in Linux runtime security instruments,” ARMO stated.
“This framework enables a user application to execute multiple operations without relying on system calls,” the firm expressed in
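
Because the I/O itself never shows up as individual system calls, one thing a defender can still inventory is which processes hold an io_uring instance at all. The following is an added example, not code from ARMO or the Curing project: it scans `/proc/<pid>/fd` for descriptors whose link target is `anon_inode:[io_uring]`; the function names and the sample tree are constructed for illustration. It only sees instances open at scan time and needs root to read other users' descriptors.

```python
import os

# readlink() target the kernel reports for an io_uring file descriptor
IO_URING_LINK = "anon_inode:[io_uring]"

def find_io_uring_holders(proc_root="/proc"):
    """Return {pid: [fd, ...]} for each process with an open io_uring instance."""
    holders = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # skip non-process entries such as "self"
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                  # process exited, or no permission
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:              # fd closed between listdir and readlink
                continue
            if target == IO_URING_LINK:
                holders.setdefault(int(entry), []).append(int(fd))
    return {pid: sorted(fds) for pid, fds in holders.items()}

def process_name(pid, proc_root="/proc"):
    """Short command name from /proc/<pid>/comm, or '?' if unreadable."""
    try:
        with open(os.path.join(proc_root, str(pid), "comm")) as f:
            return f.read().strip()
    except OSError:
        return "?"

def build_sample_proc(root):
    """Create a constructed, fake /proc tree under root for offline testing."""
    layout = {
        "101": ("sshd", {"0": "/dev/null", "3": "socket:[4242]"}),
        "202": ("sample-agent", {"0": "/dev/null", "4": IO_URING_LINK,
                                 "5": "anon_inode:[eventpoll]"}),
    }
    for pid, (comm, fds) in layout.items():
        os.makedirs(os.path.join(root, pid, "fd"))
        with open(os.path.join(root, pid, "comm"), "w") as f:
            f.write(comm + "\n")
        for fd, target in fds.items():
            os.symlink(target, os.path.join(root, pid, "fd", fd))
    os.makedirs(os.path.join(root, "self"))

if __name__ == "__main__":
    for pid, fds in sorted(find_io_uring_holders().items()):
        print(pid, process_name(pid), fds)
```

Legitimate software also uses io_uring, so the output is an inventory to compare against an expected baseline rather than a verdict.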

