A British security researcher discovered today that a recent security vulnerability in the Sudo application also affects the macOS operating system (not just Linux and BSD).
The vulnerability, disclosed last week as CVE-2021-3156 (also known as Baron Samedit) by Qualys security researchers, affects Sudo, an application that allows administrators to grant restricted root access to other users.
Qualys researchers discovered that they could trigger a "heap overflow" in the Sudo application to elevate the current user's low-privileged access to root-level commands, giving a potential attacker access to the entire system.
The only prerequisite for exploiting this bug is that the attacker first gains access to the system, which the researchers said could be done either by installing malware on a device or by brute-forcing low-privileged system accounts.
CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one's privileges to 1337 uid=0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE
- Hacker Fantastic 📡 (@hackerfantastic) February 2
However, as Matthew Hickey, co-founder of Hacker House, pointed out on Twitter, the latest version of macOS also ships with Sudo.
Hickey said he tested the CVE-2021-3156 vulnerability and found that, with some modifications, the security flaw could be used to give potential intruders access to macOS root accounts.
"To enable it, you just need to replace argv  or create a symlink, which will expose the operating system to the same local root vulnerability that affected Linux users last week."
The researcher said that he has informed Apple about the problem, so an update from Cupertino can probably be expected.
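
Since the macOS variant described above depends on a `sudoedit` symlink pointing at `sudo`, an administrator can check for such links while waiting for a patch. The script below is an added example, not code from the researchers or from Apple; the function name `find_sudoedit_links`, the demo paths and the suggested search directories are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): report symlinks named "sudoedit"
# that resolve to the sudo binary, with the owner of each link.

# find_sudoedit_links SUDO_BIN DIR...
# Prints "<owner> <path>" per hit; returns 0 if any were found, 1 if none.
find_sudoedit_links() {
    sudo_bin=$1
    shift
    hits=$(find "$@" -type l -name sudoedit -exec sh -c '
        target=$1
        shift
        for link do
            # -ef follows the link and compares device and inode, so
            # relative, absolute and chained links to sudo all match.
            if [ "$link" -ef "$target" ]; then
                # ls -ld describes the link itself; field 3 is its owner.
                owner=$(ls -ld "$link" | awk "{print \$3}")
                printf "%s %s\n" "$owner" "$link"
            fi
        done' sh "$sudo_bin" {} + 2>/dev/null || true)
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Constructed demo in a throwaway directory, so nothing on the host is touched.
demo=$(mktemp -d)
: > "$demo/sudo"                          # stand-in for the real sudo binary
mkdir "$demo/bin"
ln -s ../sudo "$demo/bin/sudoedit"        # resolves to "sudo": reported
ln -s /nonexistent "$demo/sudoedit"       # right name, wrong target: ignored
find_sudoedit_links "$demo/sudo" "$demo"
rm -rf "$demo"

# On a real host (directories are assumptions, adjust to taste):
#   find_sudoedit_links "$(command -v sudo)" /usr/local/bin /tmp "$HOME"
```

On systems where the sudo package itself installs `sudoedit` as a link, a root-owned hit in the system binary directory is expected; a link owned by an ordinary user or sitting in a user-writable directory is the one to investigate.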