• 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
Close
Home Digital Life

Apple macOS has a decade-old bug that could grant attackers root-level access

  • BY Jinn Xiung
  • 4 February 2021
  • 4:47 pm
  • Comment
Share on FacebookShare on Twitter

A decade-old flaw has been found in the Sudo tool that could lead to root access on Unix-based systems, this includes Apple macOS Big Sur and earlier versions. The security vulnerability was discovered back in January by Qualys.

At first, it was not clear whether the vulnerability exists in macOS as the security firm only it tested on Ubuntu, Debian, and Fedora operating systems.



For those unfamiliar, Sudo is an app that allows users to run commands that normally would require root access, typically those that require security privileges of another user, such as an administrator.

The bug is said to trigger a “heap overflow” in Sudo that changes the current user’s privileges to enable root-level access. This can give an attacker access to the entire system. However, an attacker would need to gain low-level access to a system first to be able to exploit the bug and plant malware on it.



This was later confirmed by security researcher Matthew Hickey who disclosed that the bug could be exploited on Mac computers. Hickey said he tested the vulnerability and found that with a few modifications, the bug could be used to grant attackers access to macOS root accounts as well.

CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one’s privileges to 1337 uid=0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE

— Hacker Fantastic 📡 (@hackerfantastic) February 2, 2021

ZDNet reported that Hickey’s findings were confirmed by Patrick Wardle, who is said to be one of today’s leading macOS security experts and Will Dormann, a vulnerability analyst at the Carnegie Mellon University’s CERT Coordination Center.

Can confirm with macOS Big Sur on both x86_64 and aarch64. pic.twitter.com/nQqQ8rskv7

— Will Dormann (@wdormann) February 2, 2021

To make matters worse, Qualys said the bug was introduced in the Sudo code back in July 2011, effectively impacting all Sudo versions released in the past ten years. Worryingly, the researchers who discovered the bug said it was “likely to be exploitable” in other Unix-based operating systems.

So, if you are a macOS user should you be worried? As far as we know, the vulnerability requires local access to a computer in order for it to be exploited. As such it is unlikely that any regular user will be affected before an macOS update from Apple.

Hickey told ZDNet that the bug could be exploited in recent versions of macOS even after applying the recent security patches that Apple released this month. He said has already notified Apple about the issue though Apple has declined to comment as it investigates the issue. Regardless, it is likely that the Cupertino-based tech giant will fix the vulnerability in a security update before long.

[SOURCE]

Related reading

iOS 14.4 fixes security flaw that may have been actively exploited by malicious apps
Tags: ApplemacOSmacOS Big SurSudo bug
Jinn Xiung

Jinn Xiung

POPULAR

Apple macOS has a decade-old bug that could grant attackers root-level access

February 4, 2021

The butt naked Thor in Love and Thunder has been postponed in Malaysia to a 21 July release

July 1, 2022
Image Credit: Mohamed Hassan from Pixabay

The Copyright (Amendment) Act 2022 finally brings the hammer down on digital piracy

July 4, 2022

Malaysia uses WiFi symbol to celebrate 65th National Day

July 1, 2022

[UPDATE] Maxis is having network disruption, users are stuck on EDGE

June 30, 2022

Here’s why the MyCC can’t act on DNB and Celcom-Digi merger

July 3, 2022

Copyright © 2022 · SoyaCincau.com
Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER

Copyright © 2022 · SoyaCincau.com – Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER