A security vulnerability that was classified as CVE-2021-3156 last week affects sudo, a system administration program that allows users to execute commands with the security privileges of another user, such as an administrator. The bug causes a buffer overflow in sudo, as a result of which the current user's access rights are changed to root. This allows an attacker to gain access to the entire system, but they first need low-level access to exploit the vulnerability, which can be obtained, for example, using malware.
CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one’s privileges to 1337 uid=0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE
— Hacker Fantastic 📡 (@hackerfantastic) February 2, 2021
sudo is part of many UNIX systems, including macOS. The vulnerability was initially proven to affect Ubuntu, Debian and Fedora, and there were doubts about Mac devices. Now security researcher Matthew Hickey has said that the latest version of macOS could also be vulnerable to this attack.
Last week, experts suggested that the macOS Big Sur 11.2 update should fix the vulnerability, but it was discovered that sudo remained unchanged in this release. Thus, it can be argued that the bug also affects macOS. Matthew Hickey determined that, with some minor changes, the bug could still be used to give attackers access to macOS root user accounts. This has already been confirmed by Will Dormann of Carnegie Mellon University CERT and by macOS Security Lead Patrick Wardle.
Apple has already been notified of the CVE-2021-3156 vulnerability, so a patch will be released soon.
