New macOS Vulnerability Could Potentially Give Root Access to Local Users

BY Sanuj Bhatia

Published 3 Feb 2021

macos big sur vulnerability

Finding vulnerabilities in the operating systems isn’t new. A lot of vulnerabilities in macOS have been reported earlier. But, a decade-old vulnerability has been found that could lead to root access being given to local users on Unix-based systems, including macOS Big Sur.

A new issue, raised by security researchers in January this year, discloses a vulnerability that can affect Unix-based operating systems like macOS and Linux. Researchers note that the bug has been there for at least a decade, however, this is the first time it has surfaced and has been reported.

Identified as CVE-2021-3156, the vulnerability exploits a heap-based buffer overflow in Sudo. It was first reported in Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2) and the researchers say it can even affect other operating systems including the latest macOS Big Sur.

Will Dormann, a security researcher has confirmed that the vulnerability exists on Macs, both Intel-based and Apple Silicon-based, even on the latest version macOS Big Sur 11.2. The issue has been reported to Apple, though the company declined to comment and acknowledge the issue, you can expect a security patch rolling out anytime soon.

The vulnerability gives root access to the local user. Giving root access means a hacker can tamper with any file on your operating system, even the system files. This particular vulnerability requires local access to the computer, and since the exact exploit hasn’t been made public, there are very rare chances of your Mac being risked.

A lot of security-bugs have been reported in macOS. Last year, Apple patched a bug that allowed unauthorized apps to bypass the protection system on Mac. The year before that, a security researcher highlighted bugs in macOS’ Gatekeeper.

We Want to Hear From You

Have you experienced a vulnerability or a security-related bug on macOS? Do let us know in the comment section below!