Security News > 2021 > February > Apple Patches Recent Sudo Vulnerability in macOS
Apple on Tuesday released macOS security updates to patch a recently disclosed vulnerability in the Sudo utility.
Disclosed during the last week of January 2021, the vulnerability is tracked as CVE-2021-3156, but it's also called Baron Samedit, and it has been lurking in Sudo since July 2011.
Sudo v1.9.5p2 resolves the vulnerability, and Apple has addressed the flaw by updating the tool to the patched version.
Apple this week released macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 to address Baron Samedit, as well as two other vulnerabilities in Intel graphics drivers.
Both vulnerabilities were found to impact macOS Big Sur 11.2 and macOS Catalina 10.15.7, and were patched with improved validation.
Last week, Apple released patches for over 60 vulnerabilities in macOS, including the recently disclosed NAT Slipstreaming 2.0 attack, which could provide attackers with the ability to access devices on the internal network.
News URL
Related news
- Apple’s New macOS Sequoia Tightens Gatekeeper Controls to Block Unauthorized Software (source)
- 0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (source)
- New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems (source)
- New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data (source)
- Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers (source)
- Apple's latest macOS release is breaking security software, network connections (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2021-3156 | Off-by-one Error vulnerability in multiple products Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. local low complexity sudo-project fedoraproject debian netapp mcafee synology beyondtrust oracle CWE-193 | 7.8 |