Home > HOW TO GUIDES > Apple Fixes Sudo Root Flaw CVE-2021-3156, and 2 Intel Graphics Driver Bugs
THREAT REMOVAL

Apple Fixes Sudo Root Flaw CVE-2021-3156, and 2 Intel Graphics Driver Bugs

Apple fixes sudo root bug CVE-2021-3156Remember CVE-2021-3156, the vulnerability affecting the entire Linux ecosystem and macOS?

Apple Just Released a Fix for CVE-2021-3156

A successful exploit scenario could allow unprivileged users to obtain root privileges on the vulnerable host. Qualys, the company that reported the flaw, indepently verified it and developed multiple variants of exploit to obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2).




A couple of weeks later, it turned out that Macs running the latest version of Big Sur, 11.2, were also prone to the exploit. Apple didn’t have a fix for the bug until yesterday.

Fortunately, Apple has already released a patch for the critical sudo bug in macOS Big Sur, Catalina, and Mojave. The flaw could enable unauthenticated local users to obtain root-level privileges on the affected system.

Two Other Apple Bugs Also Patched

Apple also included fixes for two other security flaws in Intel Graphics Driver:

  • CVE-2021-1805 – “An out-of-bounds write was addressed with improved input validation,” Apple said. The vulnerability is fixed in macOS Big Sur 11.2, macOS Catalina 10.15.7. The vulnerability could enable arbitrary code execution with kernel privileges.
  • CVE-2021-1806

– “A race condition was addressed with additional validation,” according to the advisory. The vulnerability is fixed in macOS Big Sur 11.2, macOS Catalina 10.15.7. The vulnerability could also enable arbitrary code execution with kernel privileges.

If you haven’t opted for automatic updates, you can go Apple menu, select System Preferences, and click Software Update. This way, you will download and install the latest patches needed for your security.


Apple Was “Pwned” at a Chinese Hacking Content Earlier This Year

Did you know?
Apple was one of the companies, pwned at Tianfu Cup hacking contest, China’s biggest hacking competition. In this year’s edition, several tech-giants were “pwned”, including names like Microsoft, Samsung, VMWare, Google, and Apple.

The organizers confirmed successful exploits, some of which completely new, against software such as iOS 14 running on an iPhone 11 Pro and Windows 10 v2004 (April 2020 edition).

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...