Finding vulnerabilities in the operating systems isn’t new. A lot of vulnerabilities in macOS have been reported earlier. But, a decade-old vulnerability has been found that could lead to root access being given to local users on Unix-based systems, including macOS Big Sur.
A new issue, raised by security researchers in January this year, discloses a vulnerability that can affect Unix-based operating systems like macOS and Linux. Researchers note that the bug has been there for at least a decade, however, this is the first time it has surfaced and has been reported.
CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one's privileges to 1337 uid=0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE
— Hacker Fantastic 📡 (@hackerfantastic) February 2, 2021
Identified as CVE-2021-3156, the vulnerability exploits a heap-based buffer overflow in Sudo. It was first reported in Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2) and the researchers say it can even affect other operating systems including the latest macOS Big Sur.
Will Dormann, a security researcher has confirmed that the vulnerability exists on Macs, both Intel-based and Apple Silicon-based, even on the latest version macOS Big Sur 11.2. The issue has been reported to Apple, though the company declined to comment and acknowledge the issue, you can expect a security patch rolling out anytime soon.
The vulnerability gives root access to the local user. Giving root access means a hacker can tamper with any file on your operating system, even the system files. This particular vulnerability requires local access to the computer, and since the exact exploit hasn’t been made public, there are very rare chances of your Mac being risked.
A lot of security-bugs have been reported in macOS. Last year, Apple patched a bug that allowed unauthorized apps to bypass the protection system on Mac. The year before that, a security researcher highlighted bugs in macOS’ Gatekeeper.
We Want to Hear From You
Have you experienced a vulnerability or a security-related bug on macOS? Do let us know in the comment section below!