Root Access Sudo Bug Found to Affect macOS Big Sur
A sudo bug that can grant an attacker root access has been discovered to affect macOS Big Sur (via ZDNet).
The security vulnerability, identified last week as "CVE-2021-3156" by the Qualys Security Team, affects sudo, which is a program that allows users to run commands with the security privileges of another user, such as an administrator. The bug triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access. This can give an attacker access to the entire system. An attacker would need to gain low-level access to a system first to be able to exploit the bug, such as via planted malware.
Sudo is part of many Unix-like systems, including macOS, but it was initially unknown if the vulnerability affected Mac machines since it was only tested by Qualys on Ubuntu, Debian, and Fedora. Security researcher Matthew Hickey has now confirmed that the most recent version of macOS, macOS Big Sur 11.2 can be subject to the sudo attack.
Last week, there was speculation that the macOS Big Sur 11.2 update may address the sudo vulnerability, though it was not definitively known at the time if the bug would affect macOS. While it was found that sudo was left unchanged in macOS Big Sur 11.2, it is now clear that macOS is affected by the exploit.
With some minor modifications, Hickey found that the sudo bug could be used to grant attackers access to macOS root accounts, and the discovery has now been verified by Carnegie Mellon University vulnerability analyst Will Dormann.
Apple has reportedly been notified of the CVE-2021-3156 vulnerability, and due to the severity of the issue, a patch will likely be released soon.
Popular Stories
Apple hasn't updated the AirPods Pro since 2022, and the earbuds are due for a refresh. We're counting on a new model this year, and we've seen several hints of new AirPods tucked away in Apple's code. Rumors suggest that Apple has some exciting new features planned that will make it worthwhile to upgrade to the latest model.
Subscribe to the MacRumors YouTube channel for more videos.
Heal...
Popular accessory maker Anker this month launched two separate recalls for its power banks, some of which may be a fire risk.
The first recall affects Anker PowerCore 10000 Power Banks sold between June 1, 2016 and December 31, 2022 in the United States. Anker says that these power banks have a "potential issue" with the battery inside, which can lead to overheating, melting of plastic...
Chase this week announced a series of new perks for its premium Sapphire Reserve credit card, and one of them is for a pair of Apple services.
Specifically, the credit card now offers complimentary annual subscriptions to Apple TV+ and Apple Music, a value of up to $250 per year.
If you are already paying for Apple TV+ and/or Apple Music directly through Apple, those subscriptions will...
In 2020, Apple added a digital car key feature to its Wallet app, allowing users to lock, unlock, and start a compatible vehicle with an iPhone or Apple Watch. The feature is currently offered by select automakers, including Audi, BMW, Hyundai, Kia, Genesis, Mercedes-Benz, Volvo, and a handful of others, and it is set to expand further.
During its WWDC 2025 keynote, Apple said that 13...
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are around three months away, and there are plenty of rumors about the devices.
Apple is expected to launch the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max in September this year.
Below, we recap key changes rumored for the iPhone 17 Pro models:Aluminum frame: iPhone 17 Pro models are rumored to have an...
Apple last month announced the launch of CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles.
There was news this week about which automakers will and won't offer CarPlay Ultra, and we have provided an updated list below.
CarPlay Ultra is currently limited to newer Aston Martin vehicles in the U.S. and Canada. Fortunately, if you cannot...
Apple will finally deliver the Apple Watch Ultra 3 sometime this year, according to analyst Jeff Pu of GF Securities Hong Kong (via @jukanlosreve).
The analyst expects both the Apple Watch Series 11 and Apple Watch Ultra 3 to arrive this year (likely alongside the new iPhone 17 lineup, if previous launches are anything to go by), according to his latest product roadmap shared with...
