Apple patches Sudo bug in macOS Big Sur 11.2.1, supplemental updates for Catalina and Mojave | #mac | #macos | #macsecurity


Apple today released macOS Big Sur 11.2.1 to the public, alongside supplemental updates for macOS Catalina 10.15.7 and macOS Mojave 10.14.6. In addition to a fix for MacBook Pro charging issues, the update also brings a notable security fix for a Sudo bug that was reported last week.

As we explained last week, the Sudo bug could allow an ordinary user to gain root access to a Mac, though an attacker would also need to combine with malware or a brute-force attack to gain user access in the first place. ZDNet explained the vulnerability:

The vulnerability, disclosed last week as CVE-2021-3156 (aka Baron Samedit) by security researchers from Qualys, impacts Sudo, an app that allows admins to delegate limited root access to other users. Qualys researchers discovered that they could trigger a “heap overflow” bug in the Sudo app to change the current user’s low-privileged access to root-level commands, granting the attacker access to the whole system

Apple says that today’s update to macOS Big Sur 11.2.1, as well as the supplemental updates for macOS Catalina 10.15.7 and macOS Mojave 10.14.6, include a fix for the bug. Apple published the following details on its support website:

  • Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7, macOS Mojave 10.14.6
  • Impact: A local attacker may be able to elevate their privileges
  • Description: This issue was addressed by updating to sudo version 1.9.5p2.
  • CVE-2021-3156: Qualys

The updates to macOS Catalina and macOS Big Sur also include two other security fixes:

Intel Graphics Driver

  • Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: An out-of-bounds write was addressed with improved input validation.
  • CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Intel Graphics Driver

  • Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

You can now update your Mac to the latest version of macOS by heading to the Software Update menu in the System Preferences app.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

68 + = 69