
Latest macOS Big Sur also has SUDO root privilege escalation flaw
2021-02-03 11:00

A recently discovered heap-based buffer overflow vulnerability in Linux SUDO also impacts the latest version of Apple macOS Big Sur, with no patch available yet.

Last week, BleepingComputer reported on CVE-2021-3156, aka Baron Samedit, a flaw in SUDO that lets local users gain root privileges.

This week, multiple security researchers have noticed that the sudo privilege escalation vulnerability CVE-2021-3156 also impacts the latest version of Apple macOS, Big Sur 11.2.

To demonstrate the claim, security researcher Matthew Hickey, co-founder of Hacker House, wrote a simple proof-of-concept exploit of under ten lines that lets standard macOS users elevate their privileges to root.

Hickey told BleepingComputer he had reported the vulnerability to Apple, but that it has not yet been fixed in the most recent macOS Big Sur version, 11.2.

Hickey further told us that macOS users cannot upgrade SUDO themselves because of Apple's System Integrity Protection (SIP) security feature.


News URL

https://www.bleepingcomputer.com/news/security/latest-macos-big-sur-also-has-sudo-root-privilege-escalation-flaw/

Related Vulnerability

DATE         CVE             VULNERABILITY TITLE                                    RISK
2021-01-26   CVE-2021-3156   Off-by-one Error vulnerability in multiple products    7.8

             Sudo before 1.9.5p2 contains an off-by-one error that can result in a
             heap-based buffer overflow, which allows privilege escalation to root via
             "sudoedit -s" and a command-line argument that ends with a single
             backslash character.
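The entry above gives the affected range as "Sudo before 1.9.5p2". The script below is an added example, not code from the article or from the sudo project: it parses the version line that `sudo --version` prints and decides whether the installed sudo falls inside that range, taking care with the "pN" patch-level suffix that a naive string or numeric comparison gets wrong (1.9.5 is older than 1.9.5p2; 1.8.31 is older than 1.9.5 despite the larger last number). The sample version strings in the block are constructed for the demonstration; the fixed-version constant and the output format of `sudo --version` are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example (not from the article): decide whether a sudo version string
# predates 1.9.5p2, the fixed release named in the CVE-2021-3156 entry above.
# The sample version strings at the bottom are constructed for this demonstration.

FIXED_SUDO_VERSION="1.9.5p2"   # assumption: the "before 1.9.5p2" range from the CVE entry

# Turn "1.9.5p2" (or "1.8.31", "1.9.5") into a zero-padded key such as
# "001.009.005.002" so versions can be compared as plain strings.
# A missing "pN" suffix counts as p0, so 1.9.5 sorts before 1.9.5p1.
sudo_version_key() {
    v="$1"
    base="${v%%p*}"            # "1.9.5"
    plevel="${v#*p}"           # "2", or unchanged when there is no "p"
    [ "$plevel" = "$v" ] && plevel=0
    major="${base%%.*}"
    rest="${base#*.}"
    minor="${rest%%.*}"
    patch="${rest#*.}"
    [ "$patch" = "$rest" ] && patch=0   # "1.9" has no third component
    printf '%03d.%03d.%03d.%03d' "$major" "$minor" "$patch" "$plevel"
}

# Exit 0 when version $1 is strictly older than version $2.
sudo_version_lt() {
    a=$(sudo_version_key "$1")
    b=$(sudo_version_key "$2")
    [ "$a" != "$b" ] && [ "$(printf '%s\n%s\n' "$a" "$b" | sort | head -n 1)" = "$a" ]
}

# Pull the version out of `sudo --version` output. Assumption: the first line
# reads "Sudo version 1.8.31" (this is what sudo prints on Linux and macOS).
extract_sudo_version() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p' | head -n 1
}

# Exit 0 when the version falls in the "before 1.9.5p2" range.
sudo_is_vulnerable() {
    sudo_version_lt "$1" "$FIXED_SUDO_VERSION"
}

report() {
    if sudo_is_vulnerable "$1"; then
        printf '%-8s older than %s: vendor update needed\n' "$1" "$FIXED_SUDO_VERSION"
    else
        printf '%-8s %s or newer: outside the affected range\n' "$1" "$FIXED_SUDO_VERSION"
    fi
}

# Check the sudo actually installed on this host (run as: sh sudo-check.sh live).
check_installed_sudo() {
    out=$(sudo --version 2>/dev/null) || { echo "sudo not found"; return 2; }
    report "$(extract_sudo_version "$out")"
}

if [ "${1:-}" = live ]; then
    check_installed_sudo
else
    # Constructed sample strings covering the patch-level edge cases.
    for sample in 1.8.31 1.9.5 1.9.5p1 1.9.5p2 1.9.6; do
        report "$sample"
    done
fi
```

On macOS the verdict only tells you whether to wait for or apply Apple's operating-system update: as the article notes, SIP prevents users from swapping in a newer sudo themselves, so a "vendor update needed" result there is not something this script or the user can fix directly.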