macOS Big Sur 11.2.1 Fixes Root Access Sudo Bug
According to an Apple security support document, the bug, CVE-2021-3156, was addressed in the update by updating to sudo version 1.9.5p2. Apple has also fixed the bug in Supplemental Updates made available for macOS Catalina 10.15.7 and macOS Mojave 10.14.6.
The updates also include fixes for two bugs that could allow an app to execute arbitrary code with kernel privileges.
Discovered last week, the vulnerability triggers a “heap overflow” in sudo that changes the current user’s privileges to enable root-level access, giving an attacker access to the entire system.
Discuss this article in our forums