Root Access Sudo Bug Found to Affect macOS Big Sur
A sudo bug that can grant an attacker root access has been discovered to affect macOS Big Sur (via ZDNet).
The security vulnerability, identified last week as "CVE-2021-3156" by the Qualys Security Team, affects sudo, which is a program that allows users to run commands with the security privileges of another user, such as an administrator. The bug triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access. This can give an attacker access to the entire system. An attacker would need to gain low-level access to a system first to be able to exploit the bug, such as via planted malware.
Sudo is part of many Unix-like systems, including macOS, but it was initially unknown if the vulnerability affected Mac machines since it was only tested by Qualys on Ubuntu, Debian, and Fedora. Security researcher Matthew Hickey has now confirmed that the most recent version of macOS, macOS Big Sur 11.2 can be subject to the sudo attack.
Last week, there was speculation that the macOS Big Sur 11.2 update may address the sudo vulnerability, though it was not definitively known at the time if the bug would affect macOS. While it was found that sudo was left unchanged in macOS Big Sur 11.2, it is now clear that macOS is affected by the exploit.
With some minor modifications, Hickey found that the sudo bug could be used to grant attackers access to macOS root accounts, and the discovery has now been verified by Carnegie Mellon University vulnerability analyst Will Dormann.
Apple has reportedly been notified of the CVE-2021-3156 vulnerability, and due to the severity of the issue, a patch will likely be released soon.
Popular Stories
If you pay for iCloud storage on your iPhone, Apple has a new perk for you, at no additional cost.
The new perk is the ability to create invitations in the Apple Invites app for the iPhone, which launched in the App Store last month.
In the Apple Invites app, iCloud+ subscribers can create invitations for any occasion, such as birthday parties, graduations, baby showers, and more. Anyone ...
While the first iOS 19 beta is still more than two months away, there are already plenty of rumors about the upcoming software update.
Below, we recap the key iOS 19 rumors so far.
visionOS-Like Design
In January, the YouTube channel Front Page Tech revealed a redesigned Camera app that is allegedly planned for iOS 19.
According to Front Page Tech host Jon Prosser, the Camera app...
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps.
Unfortunately, this feature continues to roll out very slowly. It has been three and a half years since Apple first announced the...
Is Apple experiencing a "Vista-like drift into systemically poor execution?"
That was a question posed by well-known technology analyst Benedict Evans, in a recent blog post covering Apple's innovation and execution, or seemingly lack thereof as of late. He is referring to Microsoft's Windows Vista operating system, which was widely criticized when it launched in 2007 due to software bugs,...
Seasoned leaker Sonny Dickson has shared more dummy models of Apple's upcoming iPhone 17 series, with the latest lot revealing a noticeable shift in Apple's iPhone Pro model design that goes beyond the much-talked-about new rear camera bar.
Dickson points out that the iPhone 17 Pro dummy models feature an outlined area on the back, beginning just below the camera module and extending to the...
We're not getting new Siri Apple Intelligence features in iOS 18.4 as expected, but the upcoming update does have quite a few new additions that will be worth upgrading for. We've rounded up the five best features to look forward to, and if you're not running the beta, you can expect to get access to these in early April.
Priority Notifications
If you have an iPhone or iPad that supports...
Following the introduction of the iPhone 16e, new iPads and Macs, and some new accessories over the past month, what will Apple's next product announcement be? Based on rumors, a second-generation AirTag item tracker is likely next up.
Last year, Bloomberg's Mark Gurman reported that a new AirTag would be released around the middle of 2025. More recently, a leaker known as Kosutami claimed...
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for.
Apart from their audio and noise-canceling performance, which are generally regarded as excellent for...
Serial leaker Sonny Dickson today shared an image of what he claims is a first look at a third-party case for Apple's iPhone 17 Air. "If you didn’t know an Air was coming, you'd swear it was a Google Pixel case," he said.
Case manufacturers often obtain design specifications of upcoming iPhone models before their release by collaborating with Apple through official partnerships or...
