macOS Big Sur 11.2.1 Fixes Root Access Sudo Bug

The macOS Big Sur 11.2.1 update that Apple released today fixes a sudo security vulnerability that could allow an attacker to gain root access to a Mac.

sudo bug macos
According to an Apple security support document, the bug, CVE-2021-3156, was addressed in the update by updating to sudo version 1.9.5p2. Apple has also fixed the bug in Supplemental Updates made available for macOS Catalina 10.15.7 and macOS Mojave 10.14.6.

The updates also include fixes for two bugs that could allow an app to execute arbitrary code with kernel privileges.

Discovered last week, the vulnerability triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access, giving an attacker access to the entire system.

Popular Stories

Generic iOS 19 Feature Mock Light

iOS 19 Leak Reveals All-New Design

Friday January 17, 2025 2:42 pm PST by
iOS 19 is still around six months away from being announced, but a new leak has allegedly revealed a completely redesigned Camera app. Based on footage it obtained, YouTube channel Front Page Tech shared a video showing what the new Camera app will apparently look like, with the key change being translucent menus for camera controls. Overall, the design of these menus looks similar to...
2024 App Store Awards

Apple Explains Why It Removed TikTok From the App Store in the U.S.

Sunday January 19, 2025 6:58 am PST by
Apple on late Saturday removed TikTok from the App Store in the U.S., and it has now explained why it was required to take this action. Last year, the U.S. passed a law that required Chinese company ByteDance to divest its ownership of TikTok due to potential national security risks, or else the platform would be banned. That law went into effect today, and companies like Apple and Google...
iPhone 17 Air Size Feature

'iPhone 17 Air' With Rear Camera Bar Allegedly Shown in Leaked Photo

Tuesday January 21, 2025 12:46 pm PST by
A leaker known as "Majin Bu" today shared an alleged image of a component for the rumored, ultra-thin "iPhone 17 Air" model. The blurry, pixelated image shows a pair of rear iPhone shells with a pill-shaped, raised camera bar along the top. On the left side of the bar, there is a circular cutout that appears to be for a single rear camera. On the right side of the bar, there appears to be an ...
iPhone SE Dynamic Island Majin Bu

iPhone SE 4 Leak Shows Dynamic Island, Casts Doubt on Rumored 'iPhone 16E' Name

Monday January 20, 2025 9:01 am PST by
A new iPhone SE is widely rumored to launch this year, and the device has potentially been confirmed today by known leaker Evan Blass. In a private social media post, Blass shared an image of what appears to be source code mentioning an iPhone SE (4th Gen), which casts doubt on the alternative "iPhone 16E" name rumored for the device. However, the name in the source code could be a...
airtag 4 pack blue

AirTag 2 Launching This Year With These 3 New Features

Sunday January 19, 2025 8:11 am PST by
After a four-year wait, a new AirTag is finally expected to launch in 2025. Below, we recap rumored upgrades for the accessory. A few months ago, Bloomberg's Mark Gurman said Apple was aiming to release the AirTag 2 around the middle of 2025. While he did not offer a more specific timeframe, that means the AirTag 2 could be announced by the end of June. The original AirTag was announced...
iOS 19 Roundup Feature

iOS 19 Rumored to Be Compatible With These iPhones

Saturday January 18, 2025 10:28 am PST by
iOS 19 will not drop support for any iPhone models, according to French website iPhoneSoft.fr. The report cited a source who said iOS 19 will be compatible with any iPhone that can run iOS 18, which would mean the following models: iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max iPhone 15 iPhone 15 Plus iPhone 15 Pro iPhone 15 Pro Max iPhone 14 iPhon...
apple power beats pro 2

Powerbeats Pro 2 Coming Soon: Apple to Announce Them 'Imminently'

Sunday January 19, 2025 8:25 am PST by
In September, Apple said that it would be launching Powerbeats Pro 2 in 2025, and it appears the wireless earbuds are coming very soon. Powerbeats Pro 2 images found in iOS 18 code In his Power On newsletter today, Bloomberg's Mark Gurman said the Powerbeats Pro 2 are "due imminently." In addition to Apple filing the Powerbeats Pro 2 in regulatory databases last month, Gurman said Apple is...
Generic iOS 18

Everything New in iOS 18.3 Beta 3

Thursday January 16, 2025 12:39 pm PST by
Apple provided the third beta of iOS 18.3 to developers today, and while the betas have so far been light on new features, the third beta makes some major changes to Notification Summaries and also tweaks a few other features. Notification Summary Changes Apple made multiple changes to Notification Summaries in response to complaints about inaccurate summaries of news headlines. For...

Top Rated Comments

neuropsychguy Avatar
52 months ago

Is Apple the first? Did other Unix and Linux push out the update too?
Most major Linux distros have already fixed it.

Examples:
https://ubuntu.com/security/CVE-2021-3156
https://access.redhat.com/security/cve/cve-2021-3156
https://www.suse.com/security/cve/CVE-2021-3156/
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a
Score: 6 Votes (Like | Disagree)
luvbug Avatar
52 months ago
Thank you! Much more than a charging bug, for sure.
Score: 6 Votes (Like | Disagree)
TriBruin Avatar
52 months ago

Now if it could just come standard with allowing us to use TouchID instead of typing our password.
You know that you can enable this feature. Unfortunately, it has to be re-enabled after each update.

https://derflounder.wordpress.com/2017/11/17/enabling-touch-id-authorization-for-sudo-on-macos-high-sierra/
Score: 5 Votes (Like | Disagree)
ruka.snow Avatar
52 months ago
Fantastic. Unlikely to affect me but still good to have the furniture nailed down.
Score: 4 Votes (Like | Disagree)
Jerry Fritschle Avatar
52 months ago

Reminds me of High Sierra. Waiting for the login “root” user access now. :p
I admit I thought of that, too. However, "sudo" is a utility found throughout unix/Linux systems. This was therefore not an "Apple" bug, but rather an update that had to come from upstream :-)
Score: 3 Votes (Like | Disagree)
Rafterman Avatar
52 months ago
Thanks Apple for yet another reboot. Get it right the first time.
Score: 2 Votes (Like | Disagree)