A British security researcher discovered today that the recent security vulnerability in the Sudo application also affects the macOS operating system (not just Linux and BSD).
The vulnerability, which was revealed last week as CVE-2021-3156 (also known as Baron Samedit) by security researchers at Qualys, affects Sudo, an application that allows administrators to give limited root access to other users.
Qualys researchers discovered that they could cause a "heap overflow" in the Sudo application to elevate the current user's low-privilege access to root-level commands, giving a potential attacker access to the entire system.
The only requirement to exploit this flaw was that an attacker must first gain access to a system, which the researchers said could be done either by placing malware on a device or by brute-forcing low-privileged system accounts.
CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one's privileges to 1337 uid=0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE
— hackerfantastic.x (@hackerfantastic) February 2, 2021
However, as Matthew Hickey, the co-founder of Hacker House, shows on Twitter, the recent version of macOS also has the Sudo app.
Hickey said he tested the CVE-2021-3156 vulnerability and found that with some modifications, the security loophole could be used to give potential intruders access to macOS root accounts.
"To enable it, you just need to replace argv[0] or create a symlink, which will expose the operating system to the same local root vulnerability that affected Linux users last week."
The researcher said he has informed Apple about the issue, so some information from Cupertino is probably expected.
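
For defenders, the symlink step described above leaves a trace on disk. The following is an added example, not code from Hickey, Qualys or the original article: it walks a set of directories and reports every entry named sudoedit that is the same file as the system sudo binary. The sudo path /usr/bin/sudo and the default search directories are assumptions to adjust per host.

```python
import os
import sys


def find_sudoedit_aliases(search_dirs, sudo_path="/usr/bin/sudo"):
    """Return sorted paths named 'sudoedit' that are the same file as sudo_path.

    os.path.samefile() follows symlinks and compares device and inode,
    so both a symlink and a hard link to sudo are reported.
    """
    if not os.path.exists(sudo_path):
        return []  # nothing to compare against on this host
    hits = []
    for top in search_dirs:
        # os.walk does not descend into symlinked directories by default
        for dirpath, _dirs, files in os.walk(top):
            if "sudoedit" not in files:
                continue
            candidate = os.path.join(dirpath, "sudoedit")
            try:
                if os.path.samefile(candidate, sudo_path):
                    hits.append(candidate)
            except OSError:
                continue  # dangling link or unreadable entry
    return sorted(hits)


if __name__ == "__main__":
    # Assumed defaults: user-writable locations where such a link could be made
    dirs = sys.argv[1:] or ["/tmp", "/Users"]
    for hit in find_sudoedit_aliases(dirs):
        kind = "symlink" if os.path.islink(hit) else "hard link"
        print(f"{kind}: {hit} -> {os.path.realpath(hit)}")
```

This only covers the symlink route. Replacing argv[0] directly leaves nothing on disk, so that route has to be caught from process-execution telemetry instead.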