Root Access Sudo Bug Found to Affect macOS Big Sur
A sudo bug that can grant an attacker root access has been discovered to affect macOS Big Sur (via ZDNet).
The security vulnerability, identified last week as "CVE-2021-3156" by the Qualys Security Team, affects sudo, which is a program that allows users to run commands with the security privileges of another user, such as an administrator. The bug triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access. This can give an attacker access to the entire system. An attacker would need to gain low-level access to a system first to be able to exploit the bug, such as via planted malware.
Sudo is part of many Unix-like systems, including macOS, but it was initially unknown if the vulnerability affected Mac machines since it was only tested by Qualys on Ubuntu, Debian, and Fedora. Security researcher Matthew Hickey has now confirmed that the most recent version of macOS, macOS Big Sur 11.2 can be subject to the sudo attack.
Last week, there was speculation that the macOS Big Sur 11.2 update may address the sudo vulnerability, though it was not definitively known at the time if the bug would affect macOS. While it was found that sudo was left unchanged in macOS Big Sur 11.2, it is now clear that macOS is affected by the exploit.
With some minor modifications, Hickey found that the sudo bug could be used to grant attackers access to macOS root accounts, and the discovery has now been verified by Carnegie Mellon University vulnerability analyst Will Dormann.
Apple has reportedly been notified of the CVE-2021-3156 vulnerability, and due to the severity of the issue, a patch will likely be released soon.
Popular Stories
We're only weeks away from Apple's annual iPhone event – rumored to take place on September 9 – and along with the new iPhone 17 series, we're going to get a new version of the Apple Watch Ultra for the first time since 2023.
By the time the Ultra 3 is unveiled, it will have been two years since the previous model arrived. The intervening period has left plenty of room for enhancements,...
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps.
This week, Apple announced the 10th U.S. state that has implemented the feature: Montana.
Below, we have recapped key details about...
Apple today provided developers with updated beta firmware for the AirPods Pro 2 and AirPods 4, allowing them to test the new AirPods features in iOS 26, iPadOS 26, and macOS Tahoe. The firmware is only available to developers at the current time, and a device running iOS 26, iPadOS 26, or macOS 26 is required to install the update. The firmware has a build number of 8A5343a, up from 8A5324b.
...
Apple's software engineers are testing iOS 18.6.2, according to the MacRumors visitor logs, which have been a reliable indicator of upcoming iOS versions.
Yesterday, an anonymous source with a proven track record said iOS 18.6.2 was incoming, but the update was not present in our logs at that time.
Last year, the same anonymous source claimed that iOS 17.5.2 was in the pipeline, but Apple ...
Apple is planning to launch a new "TechWoven" line of cases for the iPhone 17 series, according to a leaker known as "Majin Bu."
Two years ago, Apple stopped selling leather iPhone cases, as part of the company's efforts to reduce its carbon emissions. As an alternative, Apple introduced a new "FineWoven" line of fabric iPhone cases made from 68% post-consumer recycled content, but they were ...
Tomorrow marks the sixth anniversary of the Apple Card becoming widely available in the U.S., following a more limited preview period.
Apple's credit card can be managed in the iPhone's Wallet app, with key benefits including color-coded spending summaries, no fees, and Daily Cash cash back paid out daily. Apple Card holders can also open a high-yield savings account.
The anniversary...
The seventh developer beta of iOS 26 is now available. While we are now in the later stages of the iOS 26 beta cycle, there are still some changes.
Below, we outline everything new that we have found in iOS 26 beta 7 so far.
Redesigned Blood Oxygen Feature
The seventh developer betas of iOS 26 and watchOS 26 include a redesigned Blood Oxygen feature on Apple Watch Series 9, Apple Watch ...
Apple is developing an all-new operating system codenamed "Charismatic," according to Bloomberg's Mark Gurman.
Apple smart home hub concept
This is likely Apple's long-rumored "homeOS" operating system.
In a report this week, Gurman said both Apple's rumored smart home hub in 2026 and tabletop robot in 2027 will run the new operating system. He said the software platform will blend...
