Categories: Digital LifeNewsTech

Apple macOS has a decade-old bug that could grant attackers root-level access

A decade-old flaw has been found in the Sudo tool that could lead to root access on Unix-based systems, this includes Apple macOS Big Sur and earlier versions. The security vulnerability was discovered back in January by Qualys.

At first, it was not clear whether the vulnerability exists in macOS as the security firm only it tested on Ubuntu, Debian, and Fedora operating systems.

For those unfamiliar, Sudo is an app that allows users to run commands that normally would require root access, typically those that require security privileges of another user, such as an administrator.

The bug is said to trigger a “heap overflow” in Sudo that changes the current user’s privileges to enable root-level access. This can give an attacker access to the entire system. However, an attacker would need to gain low-level access to a system first to be able to exploit the bug and plant malware on it.

This was later confirmed by security researcher Matthew Hickey who disclosed that the bug could be exploited on Mac computers. Hickey said he tested the vulnerability and found that with a few modifications, the bug could be used to grant attackers access to macOS root accounts as well.

ZDNet reported that Hickey’s findings were confirmed by Patrick Wardle, who is said to be one of today’s leading macOS security experts and Will Dormann, a vulnerability analyst at the Carnegie Mellon University’s CERT Coordination Center.

To make matters worse, Qualys said the bug was introduced in the Sudo code back in July 2011, effectively impacting all Sudo versions released in the past ten years. Worryingly, the researchers who discovered the bug said it was “likely to be exploitable” in other Unix-based operating systems.

So, if you are a macOS user should you be worried? As far as we know, the vulnerability requires local access to a computer in order for it to be exploited. As such it is unlikely that any regular user will be affected before an macOS update from Apple.

Hickey told ZDNet that the bug could be exploited in recent versions of macOS even after applying the recent security patches that Apple released this month. He said has already notified Apple about the issue though Apple has declined to comment as it investigates the issue. Regardless, it is likely that the Cupertino-based tech giant will fix the vulnerability in a security update before long.

[SOURCE]

Related reading

Recent Posts

Gentari x MBPP turn on 120kW DC Charger near Maybank Tanjung Bungah

Gentari x MBPP continue to deploy more street-level EV chargers on the Island and the…

9 hours ago

Proton S70 revealed as the official Madani Taxi: A modern makeover for Malaysia’s taxi

Prime Minister Anwar Ibrahim has revealed the Proton S70 1.5T i-GT Premium which was launched…

13 hours ago

Not just for EVs: Malaysian taxis are getting the new JPJePlate

Two years ago, the Road Transport Department (JPJ) introduced the JPJePlate which sets the new…

18 hours ago

Why some ATMs are still charging RM1 for cash withdrawals despite the fee waiver

Effective 1st July 2026, Malaysians can make unlimited ATM cash withdrawals for free at over…

19 hours ago

JomCharge x DBKL turn on new 100kW DC Charger at Kuchai lama

JomCharge x DBKL continue to turn on more street-level EV charging locations in Kuchai Lama…

23 hours ago

Porsche Taycan and Macan EV prices surge in Malaysia: Up to RM410k higher

Porsche has recently updated the price of its EV lineup in Malaysia, and the changes…

2 days ago

This website uses cookies.