Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller theregister.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from theregister.com Daily Mail and Mail on Sunday newspapers.
Latest macOS Big Sur also has SUDO root privilege escalation flaw
By
06:00 AM
A recently discovered heap-based buffer overflow vulnerability in Linux SUDO also impacts the latest version of Apple macOS Big Sur, with no patch available yet.
Last week, BleepingComputer had reported on
, a flaw in SUDO which lets local users gain root privileges.
Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the
sudoers file, while at the same time keeping a log of their activity.
This helps limits the rights of standard users on an operating system by preventing them from executing high-risk commands and programs which may compromise the system s security.
Linux sudo vulnerability also affects macOS
We recently wrote about a serious vulnerability in the sudo tool which could be used to gain root access to Linux systems. Now a security researcher has found that the security flaw also affects macOS Big Sur including on new M1 Macs.
The Baron Samedit vulnerability or CVE-2021-3156 is a heap-based buffer overflow bug that was discovered by cybersecurity firm Qualys. While it was initially thought to only affect Linux systems, researcher Matthew Hickey (who also goes by the name Hacker Fantastic) found that macOS is also vulnerable with only very minor changes needed to the original exploit.
New macOS Vulnerability Could Potentially Give Root Access to Local Users
Posted by Sanuj Bhatia on Feb 03, 2021 in macOS, News
Finding vulnerabilities in the operating systems isn’t new. A lot of vulnerabilities in macOS have been reported earlier. But, a decade-old vulnerability has been found that could lead to root access being given to local users on Unix-based systems, including macOS Big Sur.
A new issue, raised by security researchers in January this year, discloses a vulnerability that can affect Unix-based operating systems like macOS and Linux. Researchers note that the bug has been there for at least a decade, however, this is the first time it has surfaced and has been reported.
A decade-old flaw found in the Sudo tool could lead to root access on Unix-based systems, including macOS Big Sur and earlier versions.
In January, security researchers disclosed a new vulnerability that can affect Unix-based operating systems. The exploit is identified as CVE-2021-3156, heap-based buffer overflow in Sudo. The exploit appears similar to a previously patched flaw called CVE-2019-18634.
The researchers at Qualys identified the exploit in Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). They say it can affect other operating systems and distributions running the affected version of Sudo. All legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 are affected.