The bug in the Sudo application also works on macOS

A British researcher s discovered today that the recent security vulnerability in the Sudo application also affects macOS system (not just Linux and BSD).

The vulnerability, which was revealed last week like CVE-2021-3156 (γνωστή και ως Baron Samedit) από ερευνητές της Qualys, επηρεάζει το Sudo, μια εφαρμογή που επιτρέπει στους διαχειριστές να δίνουν περιορισμένη πρόσβαση root σε άλλους χρήστες.

Qualys researchers have discovered that they could cause a "heap overflow" in the Sudo application to change the current user's low privilege access to root-level commands, giving a potential attacker access to the entire system.

The only requirement to exploit this flaw was that an attacker must gain access to a system, which the researchers said could be done either by placing a on a device or by brute-forcing on low privileged system accounts.

However, as Matthew Hickey, the co-founder of Hacker House shows us at , the recent version of macOS also has the Sudo app.

Hickey said he tested the CVE-2021-3156 vulnerability and found that with some modifications, the security loophole could be used to give potential intruders access to macOS root accounts.

"To enable it, you just need to replace argv [0] or create a symlink, which will expose the operating system to the same local root vulnerability that affected Linux users last week."

The researcher said he has informed Apple about the issue. So some is probably expected from Cupertino.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).