Security News > 2021 > February > Apple fixes SUDO root privilege escalation flaw in macOS

Apple fixes SUDO root privilege escalation flaw in macOS
2021-02-10 00:07

Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges.

Last month, security researchers at Qualys disclosed the SUDO CVE-2021-3156 vulnerability, aka Baron Samedit, that allowed them to gain root privileges on multiple Linux distributions, including Debian, Ubuntu, and Fedora 33.

Today, Apple released security updates for macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 that fix the sudo vulnerability.

Hickey has confirmed with BleepingComputer that the latest Apple security updates fix the vulnerability and that Apple users should apply the update as soon possible.

In addition to the sudo fix, today's updates also fix two arbitrary code execution vulnerabilities in Intel graphics drivers.

Due to the severity of the vulnerabilities, it is strongly advised that macOS users install the security updates as soon as possible.


News URL

https://www.bleepingcomputer.com/news/apple/apple-fixes-sudo-root-privilege-escalation-flaw-in-macos/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-01-26 CVE-2021-3156 Off-by-one Error vulnerability in multiple products
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349