New Security Vulnerability Affects Current Mac OS Users

February 18, 2021

Written by wukovits

Not long ago, a critical flaw in Linux SUDO was discovered and is being tracked as CVE-2021-3156.

Given the nickname “Baron Samedit,” it’s a flaw in a Unix program that allows system admins to provide root level privileges to any users listed in the “sudoers” file.

More disturbing, however, is the fact that just over a week from the time this piece was written, researchers stumbled across the fact that the Sudo privilege escalation also impacts the latest version of macOS, Big Sur 11.2.

Linux developers have already moved to patch the issue in various Linux distros, including Debian, Fedora, and Ubuntu, which are three of the most popular. However, there is currently no fix yet for macOS, and no ETA for when one will be released. Apple has proven to be quite responsive in the face of issues like these, however, so the smart money says it won’t be long.

Security researcher Matthew Hickey put together a simple proof of concept that shows how the exploit works which is standard practice in situations like these, but it does mean that the clock is ticking. Even if the exploit wasn’t being actively used by hackers before, with a step-by-step blueprint in hand, you can bet that it’s just a matter of time.

Matthew Hickey points out that it’s not possible for Mac users to take matters into their own hands and attempt to upgrade SUDO manually because Apple’s System Integrity Protection system prevents this. IBM notes that there is not yet a patch for the AIX Unix distribution at this time, which is one of the few builds, other than macOS that are not yet protected against this flaw. So if you use either of those, be aware that you are facing a period of vulnerability and watch for the fix, which should be released soon.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

Send us a message

Your message was sent.