macOS Big Sur 11.2.1 Fixes Root Access Sudo Bug

by

The macOS Big Sur 11.2.1 update that Apple released today fixes a sudo security vulnerability that could allow an attacker to gain root access to a Mac.

sudo bug macos
According to an Apple security support document, the bug, CVE-2021-3156, was addressed in the update by updating to sudo version 1.9.5p2. Apple has also fixed the bug in Supplemental Updates made available for macOS Catalina 10.15.7 and macOS Mojave 10.14.6.

The updates also include fixes for two bugs that could allow an app to execute arbitrary code with kernel privileges.

Discovered last week, the vulnerability triggers a "heap overflow" in sudo that changes the current user's privileges to enable root-level access, giving an attacker access to the entire system.

Top Rated Comments

neuropsychguy Avatar
neuropsychguy
14 weeks ago

Is Apple the first? Did other Unix and Linux push out the update too?
Most major Linux distros have already fixed it.

Examples:
https://ubuntu.com/security/CVE-2021-3156
https://access.redhat.com/security/cve/cve-2021-3156
https://www.suse.com/security/cve/CVE-2021-3156/
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a
Score: 6 Votes (Like | Disagree)
luvbug Avatar
luvbug
14 weeks ago
Thank you! Much more than a charging bug, for sure.
Score: 6 Votes (Like | Disagree)
TriBruin Avatar
TriBruin
14 weeks ago

Now if it could just come standard with allowing us to use TouchID instead of typing our password.
You know that you can enable this feature. Unfortunately, it has to be re-enabled after each update.

https://derflounder.wordpress.com/2017/11/17/enabling-touch-id-authorization-for-sudo-on-macos-high-sierra/
Score: 5 Votes (Like | Disagree)
ruka.snow Avatar
ruka.snow
14 weeks ago
Fantastic. Unlikely to affect me but still good to have the furniture nailed down.
Score: 4 Votes (Like | Disagree)
Jerry Fritschle Avatar
Jerry Fritschle
14 weeks ago

Reminds me of High Sierra. Waiting for the login “root” user access now. :p
I admit I thought of that, too. However, "sudo" is a utility found throughout unix/Linux systems. This was therefore not an "Apple" bug, but rather an update that had to come from upstream :-)
Score: 3 Votes (Like | Disagree)
Rafterman Avatar
Rafterman
14 weeks ago
Thanks Apple for yet another reboot. Get it right the first time.
Score: 2 Votes (Like | Disagree)
Read All Comments

Top Stories

apple music change forever

Apple Music Teaser: 'Get Ready – Music is About to Change Forever'

Sunday May 16, 2021 2:39 pm PDT by
The Browse tab in the Music app across Apple's platforms has started displaying a prominent teaser hinting at an upcoming major announcement for Apple Music. Under the heading "Coming soon," the headline says "Get ready – music is about to change forever." An accompanying "Tune-In Video" simply shows an animated Apple Music logo. Rumors have indicated that Apple is preparing to launch a...
Read Full Article148 comments
m1 ipad pro early customer

M1 iPad Pro Arrives Early for Lucky Customer

Saturday May 15, 2021 11:57 pm PDT by
Days ahead of their expected launch and seemingly before official review embargoes lift, one lucky customer has already gotten their hands on the brand new 12.9-inch M1 iPad Pro. Reddit User PeterDragon50 Posted on Reddit, u/PeterDragon50 has already received their 12.9-inch iPad Pro through retailer Nebraska Furniture Mart. The Reddit user says they placed their order when pre-orders...
Read Full Article388 comments
2021 mbp hdmi slot 3d

2021 MacBook Pro Leaks Confirm Returning MagSafe and Ports

Friday May 14, 2021 3:06 am PDT by
Apple's upcoming MacBook Pro models are expected to feature a number of major changes such as larger display options and powerful new Apple silicon chips. Among the more surprising updates to this year's MacBook Pro models is the return of three ports that have been missing from the machines for over five years. Expected to come in 14- and 16-inch sizes, the 2021 MacBook Pro models are...
Read Full Article
Twitter Feature

Twitter's 'Blue' Subscription Service May Cost $2.99, Will Offer Undo Tweet Option

Saturday May 15, 2021 11:08 am PDT by
Twitter has been working on some kind of subscription service since last summer, and Jane Manchun Wong, who often digs into new features coming in apps, has shared details on just what Twitter is exploring. Twitter's subscription service could be called Twitter Blue, and at the current time, it's priced at $2.99 per month. There will be a "Collections" section that allows users to save and...
Read Full Article120 comments
AirPods Lineup Not Lossless Feature

AirPods, AirPods Max and AirPods Pro Don't Support Apple Music Lossless Audio

Monday May 17, 2021 10:44 am PDT by
Apple today announced that starting in June, Apple Music songs will be available to stream in Lossless and Hi-Resolution Lossless formats, but lossless audio won't be supported on the AirPods, AirPods Max, or AirPods Pro. Apple's Lossless Audio is encoded as Apple Lossless Audio Codec files, with lossless quality ranging from 16-bit 44.1 kHz playback to 24-bit 48 kHz playback and Hi-Res...
Read Full Article457 comments
Top Stories 60 Feature

Top Stories: M1 iMac Benchmarks, iPhone Battery Life Tips, Colorful MacBook Air?

Saturday May 15, 2021 6:00 am PDT by
Anticipation is building for the new iMac and iPad Pro models, which have started shipping out ahead of a launch around May 21. Benchmarks for the new machines are starting to come in, and the M1 chips inside of them are registering at around the same figures seen with other M1-based Macs, making for significant upgrades over previous-generation models. This week also saw some rumors about...
Read Full Article35 comments
apple music spatial audio

Apple Music Launching Spatial Audio With Dolby Atmos and Lossless Audio in June at No Extra Cost

Monday May 17, 2021 6:06 am PDT by
Apple today announced that Apple Music will be gaining support for Spatial Audio with Dolby Atmos at no additional cost starting in June. At launch, Apple Music subscribers will have access to thousands of songs in Spatial Audio from artists like J Balvin, Gustavo Dudamel, Ariana Grande, Maroon 5, Kacey Musgraves, The Weeknd, and many others. Apple says this feature will provide a...
Read Full Article422 comments
General Music and AirPod 3 Feature

Rumor: Apple to Announce Third-Generation AirPods and HiFi Apple Music Tier on May 18

Thursday May 13, 2021 10:32 pm PDT by
A new rumor suggests that Apple will announce the third-generation AirPods and the recently rumored HiFi, or high-fidelity Apple Music tier, on Tuesday, May 18, via a press release on its website. The new rumor comes from Apple YouTuber Luke Miani who shared the alleged exclusive news with the AppleTrack website. According to the YouTuber, Apple plans to release the next-generation AirPods...
Read Full Article198 comments
apple music logo

Apple Music Teaser References 'Hi-Res Lossless' and 'Dolby Atmos'

Sunday May 16, 2021 4:04 pm PDT by
Earlier today, Apple Music began teasing a special announcement with the tagline "Get Ready – Music is About to Change Forever." This teaser comes amid a rumor that Apple is preparing to announce the third-generation AirPods alongside a HiFi, or lossless audio streaming tier for Apple Music on Tuesday, May 18. Now, references to "Apple Lossless," "Free Lossless," "Hi-Res Lossless," and...
Read Full Article136 comments
tile amazon sidewalk integration

Apple Says Tile Trackers Sold Poorly in Apple Stores

Friday May 14, 2021 4:53 am PDT by
Earlier last month, Spotify, Tile, and Match (owner of Tinder), testified at an app store antitrust hearing spearheaded by the U.S. Senate. During the hearing, Spotify called Apple's App Store "an abusive power grab," while Tile said Apple uses its platform to "unfairly limit competition for its products." Now, in response to their testimonies, Apple's vice president and chief compliance...
Read Full Article143 comments