Apple fixes serious sudo vulnerability in macOS

No Comments
Apple logo and padlock

A serious vulnerability was recently discovered in the sudo tool which could be used to gain root access on Linux-based systems. It soon transpired that the very same issue also affects macOS.

The security vulnerability -- known as Baron Samedit and tracked as CVE-2021-3156 -- is a years-old heap-based buffer overflow bug, and Apple has now issued a patch that fixes the problem for users of Big Sur, Catalina and Mojave flavors of macOS.

See also:

Yesterday, the company released macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002. In addition to fixing two security issues relating to Intel graphic drivers in Big Sur and Catalina, the updates also fix the sudo flaw.

In a support document about the update, Apple lists the three problems the updates address:

Intel Graphics Driver

Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Intel Graphics Driver

Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with additional validation.

CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Sudo

Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7, macOS Mojave 10.14.6

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed by updating to sudo version 1.9.5p2.

CVE-2021-3156: Qualys

All macOS users are advised to check for and install the updates as soon as possible.

Image credit: Alberto Garcia Guillen / Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Red Hat Enterprise Linux is coming to Windows Subsystem for Linux

PNY unveils PRO Elite V3 and Attaché X USB 3.2 flash drives

Manufacturing faces a wave of advanced email attacks

Satechi unveils Mac mini M4 Stand and Hub with SSD Enclosure

Supply chain attacks up over 400 percent since 2021

Google calls the AI fuzz to find vulnerabilities

HP offers enhanced protection for enterprise endpoints

Most Commented Stories

What happens to Linux when Linus Torvalds dies?

24 Comments

Windows 10: Microsoft reveals how much you'll need to pay to keep receiving updates

20 Comments

Bluesky thinking -- why left-wingers are leaving X and why X will get over it

16 Comments

Bring your Windows 10 and 11 desktops to life with the amazing (and free!) Sucrose -- download it now

15 Comments

The Guardian’s exit from Elon Musk’s X shows a lack of journalistic courage

13 Comments

Unnecessary replacement of hardware leads to higher costs and growing waste problem

9 Comments

Tech leaders congratulate Donald Trump on 2024 election victory

8 Comments

Belkin launches Connect USB-C 11-in-1 Pro GaN Dock with 150W power

8 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.