Recently Discovered Sudo App Bug Also Found to Impact macOS
A recently discovered security flaw in the Sudo app has been found to impact the macOS and is not limited to just Linux and BSD operating system, ZDNet is reporting. According to the researchers, the bug in the Sudo app can change the current user’s low-privileged access to root-level commands.
Sudo is an app that allows admins to delegate limited root access to other users. Qualys researchers have found that exploiting the vulnerability in Sudo can grant the attacker access to the whole system.
While the initial report said the bug only impacts Ubuntu, Debian, and Fedora, British security researcher Matthew Hickey has now pointed out that the recent version of macOS also ships with the Sudo app.
Hickey said he tested the CVE-2021-3156 vulnerability and found that with a few modifications, the security bug could be used to grant attackers access to macOS root accounts as well.
“To trigger it, you just have to overwrite argv or create a symlink, which therefore exposes the OS to the same local root vulnerability that has plagued Linux users the last week or so,” Hickey told ZDNet today, prior to sharing a video of the bug in question.
The researcher said he notified Apple of the issue earlier today, although no comment has yet been issued by the Cupertino company.