New macOS Vulnerability Could Potentially Give Root Access to Local Users

BY Sanuj Bhatia

Published 3 Feb 2021

Finding vulnerabilities in the operating systems isn’t new. A lot of vulnerabilities in macOS have been reported earlier. But, a decade-old vulnerability has been found that could lead to root access being given to local users on Unix-based systems, including macOS Big Sur.

A new issue, raised by security researchers in January this year, discloses a vulnerability that can affect Unix-based operating systems like macOS and Linux. Researchers note that the bug has been there for at least a decade, however, this is the first time it has surfaced and has been reported.

CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one's privileges to 1337 uid=0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE

— hackerfantastic.crypto (@hackerfantastic) February 2, 2021

Identified as CVE-2021-3156, the vulnerability exploits a heap-based buffer overflow in Sudo. It was first reported in Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2) and the researchers say it can even affect other operating systems including the latest macOS Big Sur.

Will Dormann, a security researcher has confirmed that the vulnerability exists on Macs, both Intel-based and Apple Silicon-based, even on the latest version macOS Big Sur 11.2. The issue has been reported to Apple, though the company declined to comment and acknowledge the issue, you can expect a security patch rolling out anytime soon.

The vulnerability gives root access to the local user. Giving root access means a hacker can tamper with any file on your operating system, even the system files. This particular vulnerability requires local access to the computer, and since the exact exploit hasn’t been made public, there are very rare chances of your Mac being risked.

A lot of security-bugs have been reported in macOS. Last year, Apple patched a bug that allowed unauthorized apps to bypass the protection system on Mac. The year before that, a security researcher highlighted bugs in macOS’ Gatekeeper.

We Want to Hear From You

Have you experienced a vulnerability or a security-related bug on macOS? Do let us know in the comment section below!

Want to know more about Apple Products?

We launch new articles subscribe and get updated. MAX 1 email a week. No spam, ever.

iOS 16.1, iPadOS 16.1, and macOS Ventura Release Time on October 24

Sriansh

Rumor: Apple Testing Touch-Optimized macOS Version for M2 iPad Pro

Sriansh

iOS 15.6 and macOS 12.5 Fix Major Security Vulnerabilities

Sriansh

All New macOS Ventura Features

Parth Shah

IPAD PRO 2

Oct 30, 2016

11 Must Have Apps for Apple Pencil and iPad Pro Users

Khamosh Pathak

iPad Pro is a beast of a machine. Yes, it runs iOS but don’t let that fool you. iOS has many ways to be productive and for doing creative work. Granted, it’s different

MACOS

Jun 13, 2016

‘Apple File System’ Is the Company’s New File System for watchOS, iOS, tvOS, and macOS

Rajesh Pandey

It has long been rumored that Apple is working on a new file system to replace the archaic HFS+ file system that macOS currently uses. The company was expected to announce a new file system

APPLE NEWS

Mar 16, 2015

‘Apple Global Volunteer Program’ will let employees sign up to help local communities

Evan Selleck

Apple is no stranger to donating large sums of money to a cause, or to even help diversification within the tech industry. But now it's aiming to donate some individual human hours as well,