Latest macOS Big Sur also has SUDO root privilege escalation flaw

macOS Big Sur 11.2 brings Mac Bluetooth fix

Cupertino-based tech giant Apple has rolled out a new software update for Mac users.

The security vulnerability, identified last week as "CVE-2021-3156" by the Qualys Security Team, affects sudo, which is a program that allows users to run commands with the security privileges of another user, such as an administrator. Some users use wireless keyboard and mouse along with laptops as well when using a laptop stand or connecting the MacBook to an external display. As per update's official changelog, the macOS Big Sur 11.2 addresses problems with Bluetooth and display on some Apple M1-powered Mac mini units.

To demonstrate the claim, the researcher Matthew Hickey (Hacker Fantastic), the co-founder of Hacker House coded a simplistic Proof-of-Concept (PoC) exploit of under ten lines that can enable standard macOS users to elevate their privileges to root.

IBM AIX Unix distros also remain vulnerable to Baron Samedit. There are no significant new features in this release, but it's suggested you update your Mac anyway, as it contains several bug fixes and (more importantly) security updates.

The update is now available to all Mac users.

Apple has reportedly been notified of the CVE-2021-3156 vulnerability, and due to the severity of the issue, a patch will likely be released soon.

Related:

Comments


Other news