March 4, 2021

“Sudo” Vulnerability also Affects MacOS – CVE-2021-3156

A “Sudo” bug that has appeared recently allows attackers to access a local system to gain access to a root-level account. A British cyber security expert discovered that the vulnerability in the Sudo application affects not only Linux but also the macOS operating system, contrary to what was initially thought.

The vulnerability, described as “CVE-2021-3156” by Qualys security researchers last week, affects Sudo, an application that allows administrators to grant limited root access to other users.

Qualys researchers have discovered that in the Sudo application, to change the current user’s low privilege access to root-level commands, triggering a “stack overflow” error, giving the attacker access to the entire system. The only condition to exploit this error was for an attacker to gain access to a system. The researchers said this could be achieved by inserting malware into a device or a brute-force attack on a low-privilege service account.

Qualys researchers said in their reports last week that they only tested the bug on Ubuntu, Debian, and Fedora. They said UNIX-like operating systems were also affected, but most security researchers think the bug could affect BSD (Berkeley Software Distribution), another major operating system that comes with the Sudo implementation.

Vulnerability also Affects MacOS
Vulnerability also Affects MacOS

 

The latest version of macOS is also affected by the bug

As Hacker House co-founder Matthew Hickey stated on Twitter today, the latest version of macOS also comes with the Sudo app. Hickey said that he tested the CVE-2021-3156 vulnerability and with a few changes the security bug could also be used to gain attackers access to macOS root accounts.

About the vulnerability in question, Hickey said: “To trigger this, you must overwrite argv [0] or create a symbolic link, thus exposing the OS to the same local root vulnerability that plagued Linux users last week or so. . ”

Hickey’s findings were also confirmed and confirmed by Patrick Wardle, one of today’s leading macOS security experts, and Will Dormann, a vulnerability analyst at the CERT Coordination Center at Carnegie Mellon University. Hickey said in a statement that even after applying the latest security patches Apple released on Monday, this bug could be exploited in the latest version of macOS.

Experts reported the problem to Apple earlier today. Apple officials did not make a statement on the subject while investigating the report. However, the tech giant is expected to release a patch for such a serious problem. Additionally, other researchers discovered that the error could also affect IBM AIX systems.

Checking for updates automatically

Mac users who don’t choose to check for updates automatically, you can go to Apple menu> System Preferences and then click Software Update to download and install the latest updates.

Checking for updates automatically
Checking for updates automatically

 

Reference: https://thehackernews.com/

Leave a Reply

Your email address will not be published. Required fields are marked *