Apple fixes serious sudo vulnerability in macOS

By Sofia Elizabella Wyciślik-Wilson
Published 4 years ago

A serious vulnerability was recently discovered in the sudo tool which could be used to gain root access on Linux-based systems. It soon transpired that the very same issue also affects macOS.

The security vulnerability -- known as Baron Samedit and tracked as CVE-2021-3156 -- is a years-old heap-based buffer overflow bug, and Apple has now issued a patch that fixes the problem for users of Big Sur, Catalina and Mojave flavors of macOS.

See also:

Yesterday, the company released macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002. In addition to fixing two security issues relating to Intel graphic drivers in Big Sur and Catalina, the updates also fix the sudo flaw.

In a support document about the update, Apple lists the three problems the updates address:

Intel Graphics Driver
Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with additional validation.
CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Sudo
Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7, macOS Mojave 10.14.6
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed by updating to sudo version 1.9.5p2.
CVE-2021-3156: Qualys

All macOS users are advised to check for and install the updates as soon as possible.

Image credit: Alberto Garcia Guillen / Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Apple fixes serious sudo vulnerability in macOS

Recent Headlines

Save $12! Get 'The ChatGPT Revolution' for FREE

Corsair launches MP700 ELITE PCIe 5.0 SSD

Fix Windows 11 and enjoy the OS as it was meant to be

This Election Day vote for freedom and make a REAL change

X starts the rollout of update that renders blocking near-pointless

Navigating the future: Cloud migration journeys and data security

SMART Modular Technologies unveils rugged T6EN PCIe/NVMe SSDs for critical applications

Most Commented Stories

Switching from Microsoft Windows 11 to Linux is like Columbus discovering America

Windows 10: Microsoft reveals how much you'll need to pay to keep receiving updates

Bring your Windows 10 and 11 desktops to life with the amazing (and free!) Sucrose -- download it now

Seelen UI transforms Windows 10 and 11 into your dream OS -- download it now

Unnecessary replacement of hardware leads to higher costs and growing waste problem

Belkin launches Connect USB-C 11-in-1 Pro GaN Dock with 150W power

Apple launches new compact Mac mini with M4 and M4 Pro chips

The latest version of Ubuntu Linux is here -- don’t delay, dump Windows 11 today!