Skip to Content

macOS Big Sur 11.2.1 Fixes Root Access Sudo Bug

by

The macOS Big Sur 11.2.1 update that Apple released today fixes a sudo security vulnerability that could allow an attacker to gain root access to a Mac.

sudo bug macos
According to an Apple security support document, the bug, CVE-2021-3156, was addressed in the update by updating to sudo version 1.9.5p2. Apple has also fixed the bug in Supplemental Updates made available for macOS Catalina 10.15.7 and macOS Mojave 10.14.6.

The updates also include fixes for two bugs that could allow an app to execute arbitrary code with kernel privileges.

Discovered last week, the vulnerability triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access, giving an attacker access to the entire system.

Popular Stories

MacBook Neo Feature Pastel 1

First MacBook Neo Benchmarks Are In: Here's How It Compares to the M1 MacBook Air

Thursday March 5, 2026 4:07 pm PST by
Benchmarks for the new MacBook Neo surfaced today, and unsurprisingly, CPU performance is almost identical to the iPhone 16 Pro. The MacBook Neo uses the same 6-core A18 Pro chip that was first introduced in the iPhone 16 Pro, but it has one fewer GPU core. The MacBook Neo earned a single-core score of 3461 and a multi-core score of 8668, along with a Metal score of 31286. Here's how the...
Read Full Article339 comments
MacBook Neo Feature Pastel 1

Apple Announces $599 'MacBook Neo' With A18 Pro Chip

Wednesday March 4, 2026 6:15 am PST by
Apple today announced the "MacBook Neo," an all-new kind of low-cost Mac featuring the A18 Pro chip for $599. The MacBook Neo is the first Mac to be powered by an iPhone chip; the A18 Pro debuted in 2024's iPhone 16 Pro models. Apple says it is up to 50% faster for everyday tasks than the bestselling PC with the latest shipping Intel Core Ultra 5, up to 3x faster for on-device AI workloads,...
Read Full Article1354 comments
Multicolored Low Cost A18 Pro MacBook Feature

Apple Accidentally Leaks 'MacBook Neo'

Tuesday March 3, 2026 7:00 am PST by
Apple appears to have prematurely revealed the name of its rumored lower-cost MacBook model, which is expected to be announced this Wednesday. A regulatory document for a "MacBook Neo" (Model A3404) has appeared on Apple's website. Unfortunately, there are no further details or images available yet. While the PDF file does not contain the "MacBook Neo" name, it briefly appeared in a link...
Read Full Article402 comments

Top Rated Comments

N
neuropsychguy
66 months ago

Is Apple the first? Did other Unix and Linux push out the update too?
Most major Linux distros have already fixed it.

Examples:
https://ubuntu.com/security/CVE-2021-3156
https://access.redhat.com/security/cve/cve-2021-3156
https://www.suse.com/security/cve/CVE-2021-3156/
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a
Score: 6 Votes (Like | Disagree)
luvbug Avatar
luvbug
66 months ago
Thank you! Much more than a charging bug, for sure.
Score: 6 Votes (Like | Disagree)
T
TriBruin
66 months ago

Now if it could just come standard with allowing us to use TouchID instead of typing our password.
You know that you can enable this feature. Unfortunately, it has to be re-enabled after each update.

https://derflounder.wordpress.com/2017/11/17/enabling-touch-id-authorization-for-sudo-on-macos-high-sierra/
Score: 5 Votes (Like | Disagree)
ruka.snow Avatar
ruka.snow
66 months ago
Fantastic. Unlikely to affect me but still good to have the furniture nailed down.
Score: 4 Votes (Like | Disagree)
J
Jerry Fritschle
66 months ago

Reminds me of High Sierra. Waiting for the login “root” user access now. :p
I admit I thought of that, too. However, "sudo" is a utility found throughout unix/Linux systems. This was therefore not an "Apple" bug, but rather an update that had to come from upstream :-)
Score: 3 Votes (Like | Disagree)
Rafterman Avatar
Rafterman
66 months ago
Thanks Apple for yet another reboot. Get it right the first time.
Score: 2 Votes (Like | Disagree)
Read All Comments