Apple Patches Recent Sudo Vulnerability in macOS
2021-02-10 15:07

Apple on Tuesday released macOS security updates to patch a recently disclosed vulnerability in the Sudo utility.

Disclosed during the last week of January 2021, the vulnerability is tracked as CVE-2021-3156, but it's also called Baron Samedit, and it has been lurking in Sudo since July 2011.

Sudo v1.9.5p2 resolves the vulnerability, and Apple has addressed the flaw by updating the tool to the patched version.

Apple this week released macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 to address Baron Samedit, as well as two other vulnerabilities in Intel graphics drivers.

Both Intel graphics driver vulnerabilities were found to impact macOS Big Sur 11.2 and macOS Catalina 10.15.7, and were patched with improved validation.

Last week, Apple released patches for over 60 vulnerabilities in macOS, including the recently disclosed NAT Slipstreaming 2.0 attack, which could provide attackers with the ability to access devices on the internal network.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/cEcnY3F0ZJA/apple-patches-recent-sudo-vulnerability-macos

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2021-3156 | Off-by-one Error vulnerability in multiple products. Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | 7.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349