
Oh ****... Sudo has a 'make anyone root' bug that needs to be patched – if you're unlucky enough to enable pwfeedback
2020-02-05 18:02

Sudo is included in macOS, but this option was not enabled when we tried it on our Catalina box.

If sudo is installed and vulnerable, any user can trigger the vulnerability, even one who is not listed in sudoers as having sudo privileges.

You can tell if you are vulnerable by running sudo -l and checking whether pwfeedback appears in the output.

The next thing to do is to check the version number with sudo --version.

The bug is fixed in sudo 1.8.31, available now, and versions 1.8.26 to 1.8.30 are not exploitable.
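
The two checks above can be combined into one triage function. This is an added example, not code from the article or from the sudo project; the function names and sample outputs are constructed, and it assumes the first line of sudo --version reads "Sudo version X.Y.Z".

```sh
#!/bin/sh
# Added example: triage a host from the text of `sudo -l` and `sudo --version`.
# Inputs are passed as strings so the logic can be exercised offline.

# Succeeds if pwfeedback is listed among the Defaults entries.
# A negated entry ("!pwfeedback") does not count as enabled.
pwfeedback_enabled() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qx 'pwfeedback'
}

# Prints major*10000 + minor*100 + patch, ignoring suffixes such as "p2".
# Fails if the first line is not "Sudo version X.Y.Z..." (assumed format).
version_num() {
    v=$(printf '%s\n' "$1" | sed -n \
        '1s/^Sudo version \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 1
    set -- $v
    echo $(( $1 * 10000 + $2 * 100 + $3 ))
}

# classify_sudo "<sudo -l output>" "<sudo --version output>"
# Thresholds are the versions the article gives: fixed in 1.8.31,
# 1.8.26 to 1.8.30 not exploitable.
classify_sudo() {
    n=$(version_num "$2") || { echo "unknown-version"; return; }
    if [ "$n" -ge 10831 ]; then
        echo "fixed"
    elif [ "$n" -ge 10826 ]; then
        echo "flawed-not-exploitable"
    elif pwfeedback_enabled "$1"; then
        echo "exploitable-patch-now"
    else
        echo "pwfeedback-off"
    fi
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_L='Matching Defaults entries for alice on host1:
    env_reset, pwfeedback, mail_badpass'
SAMPLE_V='Sudo version 1.8.21p2'
classify_sudo "$SAMPLE_L" "$SAMPLE_V"

# On a real host: classify_sudo "$(sudo -l)" "$(sudo --version)"
```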


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/05/sudo_bug_allows_privilege_escalation/