Apple fixes serious sudo vulnerability in macOS

By Sofia Elizabella Wyciślik-Wilson
Published 3 years ago

A serious vulnerability was recently discovered in the sudo tool which could be used to gain root access on Linux-based systems. It soon transpired that the very same issue also affects macOS.

The security vulnerability -- known as Baron Samedit and tracked as CVE-2021-3156 -- is a years-old heap-based buffer overflow bug, and Apple has now issued a patch that fixes the problem for users of Big Sur, Catalina and Mojave flavors of macOS.

See also:

Yesterday, the company released macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002. In addition to fixing two security issues relating to Intel graphic drivers in Big Sur and Catalina, the updates also fix the sudo flaw.

In a support document about the update, Apple lists the three problems the updates address:

Intel Graphics Driver
Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with additional validation.
CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Sudo
Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7, macOS Mojave 10.14.6
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed by updating to sudo version 1.9.5p2.
CVE-2021-3156: Qualys

All macOS users are advised to check for and install the updates as soon as possible.

Image credit: Alberto Garcia Guillen / Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Apple fixes serious sudo vulnerability in macOS

Recent Headlines

We're not going to deal with today's IT admin issues with yesterday's technology

AI-powered data management: Navigating data complexity in clinical trials

Workforces need the skills to defend against AI-enabled threats

Overcoming real-time data integration challenges to optimize for surgical capacity and better care

From Windows XP to Windows 10 -- How Microsoft's end-of-life nag screens have changed

Pour one out for the Linux homies: Fedora 40 released

Phishing attacks up 60 percent driven by AI

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE