Apple fixes SUDO root privilege escalation flaw in macOS
2021-02-10 00:07

Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave that allowed any local user to gain root-level privileges.

Last month, security researchers at Qualys disclosed the SUDO CVE-2021-3156 vulnerability, aka Baron Samedit, that allowed them to gain root privileges on multiple Linux distributions, including Debian, Ubuntu, and Fedora 33.

Today, Apple released security updates for macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 that fix the sudo vulnerability.

Hickey has confirmed with BleepingComputer that the latest Apple security updates fix the vulnerability and that Apple users should apply the update as soon as possible.

In addition to the sudo fix, today's updates also fix two arbitrary code execution vulnerabilities in Intel graphics drivers.

Due to the severity of the vulnerabilities, it is strongly advised that macOS users install the security updates as soon as possible.


News URL

https://www.bleepingcomputer.com/news/apple/apple-fixes-sudo-root-privilege-escalation-flaw-in-macos/

Related Vulnerability

DATE: 2021-01-26
CVE: CVE-2021-3156
VULNERABILITY TITLE: Off-by-one Error vulnerability in multiple products
RISK: 7.8

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
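
The "before 1.9.5p2" bound in the entry above can be checked across an inventory of `sudo -V` output. The following is an added example, not code from the original article or from the sudo project; the host names and the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# First fixed upstream release, taken from the CVE entry above.
FIXED = (1, 9, 5, 2)

# sudo versions look like 1.8.31, 1.9.5p1, 1.9.15p5: three numeric fields
# plus an optional "pN" patchlevel. Beta/rc suffixes are ignored here.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Return (major, minor, patch, patchlevel) from a version string
    or from the first line of `sudo -V` output."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def predates_fix(text):
    """True when the reported upstream version is older than 1.9.5p2.
    Compared numerically: as plain strings, '1.9.15p5' sorts before '1.9.5p2'."""
    return parse_sudo_version(text) < FIXED


def triage(inventory):
    """Map host -> 'predates-fix' | 'fixed-upstream' | 'unparsed'.
    Vendors can backport the fix without changing the upstream version,
    so 'predates-fix' means: confirm against the vendor's security update."""
    result = {}
    for host, output in inventory.items():
        try:
            result[host] = "predates-fix" if predates_fix(output) else "fixed-upstream"
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hypothetical hosts, first line of `sudo -V`).
SAMPLE = {
    "build-01": "Sudo version 1.8.31",
    "mac-lab-02": "Sudo version 1.9.5p1",
    "mac-lab-03": "Sudo version 1.9.5p2",
    "web-04": "Sudo version 1.9.15p5",
    "legacy-05": "sudo: command not found",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```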

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 138 584 4214 1629 2414 8841