Apple fixes serious sudo vulnerability in macOS


A serious vulnerability was recently discovered in the sudo tool which could be used to gain root access on Linux-based systems. It soon transpired that the very same issue also affects macOS.
The security vulnerability -- known as Baron Samedit and tracked as CVE-2021-3156 -- is a years-old heap-based buffer overflow bug, and Apple has now issued a patch that fixes the problem for users of Big Sur, Catalina and Mojave flavors of macOS.

Linux sudo vulnerability also affects macOS


We recently wrote about a serious vulnerability in the sudo tool which could be used to gain root access to Linux systems. Now a security researcher has found that the security flaw also affects macOS Big Sur -- including on new M1 Macs.
The Baron Samedit vulnerability -- or CVE-2021-3156 -- is a heap-based buffer overflow bug that was discovered by cybersecurity firm Qualys. While it was initially thought to only affect Linux systems, researcher Matthew Hickey (who also goes by the name Hacker Fantastic) found that macOS is also vulnerable with only very minor changes needed to the original exploit.

Sudo vulnerability could give attackers root access on Linux systems


Security researchers have revealed details of a vulnerability in Sudo that could be exploited by an attacker to gain root privileges on a wide range of Linux-based systems.
News of the security flaw was shared by Qualys, and it has been described as "perhaps the most significant sudo vulnerability in recent memory". Worryingly, the heap-based buffer overflow bug has existed for almost a decade. It is known as Baron Samedit, tracked as CVE-2021-3156, and affects various versions of Sudo.