Apple fixes critical sudo vulnerability in macOS
Apple has released updates for macOS that fix a vulnerability in the sudo command. The vulnerability made it possible to execute commands with admin rights. The fix was previously available on Linux.
The fix ships in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002. The bug, CVE-2021-3156, is a buffer overflow vulnerability in the sudo command discovered by Qualys security researchers last month. It allows someone with access to a machine to execute commands in a shell with admin rights.
Although sudo is best known as a command on Linux distros, it is also a popular command on macOS. Upon discovery, the researchers were able to run a proof-of-concept on Ubuntu, Debian, and Fedora. This was not attempted on macOS. A patch has also been available for some time, but it is only now being rolled out automatically on Apple's operating systems.