Home > Cyber News > Beware: CVE-2021-3156 Sudo Bug Also Impacts macOS
CYBER NEWS

Beware: CVE-2021-3156 Sudo Bug Also Impacts macOS

by   |  Last Update:  |  0 Comments  

macos vulnerabilityRemember CVE-2021-3156, also known as Baron Samedit? It is a recently disclosed vulnerability affecting nearly the entire Linux ecosystem.

CVE-2021-3156 Also Affects macOS

According to the latest research, Linux is not the only environment that the vulnerability affects. Researcher Matthew Hickey says that the CVE-2021-3156 bug also impacts macOS. Only minor changes to the original exploit are needed to exploit the bug on macOS.

The original description indicated that the vulnerability is a heap-based buffer overflow, affecting Sudo before 1.9.5p2. If exploited, the bug could lead to privilege escalation to root via “sudoedit-s” and a command-line argument that ends with a single backslash character.

A successful exploit scenario could allow unprivileged users to obtain root privileges on the vulnerable host. Qualys, the company that reported the flaw, indepently verified it and developed multiple variants of exploit to obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2).

However, now it turns out that Macs running the latest version of Big Sur, 11.2, are also prone to the exploit. What is worse is that currently, Apple doesn’t have a fix for it.




“CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one’s privileges to 1337 uid=0. Fun for @p0sixninja,” the researcher shared on Twitter.

Vulnerability analyst Will Dormann confirmed the issue in macOS Big Sur on both x86_64 and aarch64.

Qualys, the security firm that first reported the bug, has updated their original advisory with the macOS details. However, the company hasn’t verified the exploit independently.

It is noteworthy that CVE-2021-3156 is considered the most severe Sudo issue in recent years. Two other bugs were reported in the past couple of years, but they weren’t as dangerous as this one.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. CVE-2021-3156: Dangerous Sudo Bug Could Allow Root Access CVE-2021-3156 is a recently disclosed vulnerability that affects almost the...
  2. Apple Fixes Sudo Root Flaw CVE-2021-3156, and 2 Intel Graphics Driver Bugs Remember CVE-2021-3156, the vulnerability affecting the entire Linux ecosystem and...
  3. CVE-2019-14287: Sudo Bug Allows Restricted Users to Run Commands as Root CVE-2019-14287 is a new vulnerability discovered in Sudo. Sudo is...
  4. CVE-2017-1000367, Severe Root Vulnerability in Linux Sudo CVE-2017-1000367 is a severe root Linux vulnerability discovered by Qualys...
  5. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  6. CVE-2017-1000364, Stack Slash Flaw in Linux Patched How do you feel about a decade-old vulnerability in a...
  7. Top 15 Linux Security Questions You Didn’t Know You Had Beginner Linux administrators and users should know that even though...
  8. Severe macOS Big Sur Bug Could Lead to Data Loss There’s quite a big loophole in macOS Big Sur which...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree