A decade-old flaw has been found in the Sudo tool that could lead to root access on Unix-based systems, this includes Apple macOS Big Sur and earlier versions. The security vulnerability was discovered back in January by Qualys.
At first, it was not clear whether the vulnerability exists in macOS as the security firm only it tested on Ubuntu, Debian, and Fedora operating systems.
For those unfamiliar, Sudo is an app that allows users to run commands that normally would require root access, typically those that require security privileges of another user, such as an administrator.
The bug is said to trigger a “heap overflow” in Sudo that changes the current user’s privileges to enable root-level access. This can give an attacker access to the entire system. However, an attacker would need to gain low-level access to a system first to be able to exploit the bug and plant malware on it.
This was later confirmed by security researcher Matthew Hickey who disclosed that the bug could be exploited on Mac computers. Hickey said he tested the vulnerability and found that with a few modifications, the bug could be used to grant attackers access to macOS root accounts as well.
CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one’s privileges to 1337 uid=0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE— Hacker Fantastic 📡 (@hackerfantastic) February 2, 2021
ZDNet reported that Hickey’s findings were confirmed by Patrick Wardle, who is said to be one of today’s leading macOS security experts and Will Dormann, a vulnerability analyst at the Carnegie Mellon University’s CERT Coordination Center.
Can confirm with macOS Big Sur on both x86_64 and aarch64. pic.twitter.com/nQqQ8rskv7— Will Dormann (@wdormann) February 2, 2021
To make matters worse, Qualys said the bug was introduced in the Sudo code back in July 2011, effectively impacting all Sudo versions released in the past ten years. Worryingly, the researchers who discovered the bug said it was “likely to be exploitable” in other Unix-based operating systems.
So, if you are a macOS user should you be worried? As far as we know, the vulnerability requires local access to a computer in order for it to be exploited. As such it is unlikely that any regular user will be affected before an macOS update from Apple.
Hickey told ZDNet that the bug could be exploited in recent versions of macOS even after applying the recent security patches that Apple released this month. He said has already notified Apple about the issue though Apple has declined to comment as it investigates the issue. Regardless, it is likely that the Cupertino-based tech giant will fix the vulnerability in a security update before long.