With every new build that Apple releases, we always hear that it composes of certain security fixes and performance improvements. While vulnerabilities are not new to any software, a decade-old vulnerability has now been discovered which could allow local users to gain root access. The root access is given on Unix-based systems which include macOS Big Sur. Let’s dive in to see some more details on the sudo bug that can grant access to an attacker for root access on macOS Big Sur.
Sudo Bug Could Potentially Grant Root Access to Attackers on macOS Big Sur
The new issues eas raised by security researchers in January of this year in which it was disclosed that a vulnerability has been discovered which can affect Unix-based systems such as macOS Big Sur (via ZDnet). The vulnerability is identified as “CVE-2021-3156” by the Qualys Security Team. It affects a program called sudo that allows users to run commands with the security privileges of a user such as an administrator. The bug allows root access by triggering “heap overflow” in sudo that alters the privileges of the user. What this does is not so simple – it grants an attacker root access to the entire system.
CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one’s privileges to 1337 uid=0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE
— Hacker Fantastic (@hackerfantastic) February 2, 2021
Take note that the attacker would first require low-level access to the system which will allow him to take advantage of the bug. This can be done through planted malware. Sudo is not only part of macOS Big Sur, but also systems like Linux. What’s surprising is that it was initially not clear if the bug has an impact on Macs. This is due to the fact that Qualys only tested the vulnerability on Ubuntu, Fedora, and Debian. According to the latest, Mathew Hickey has confirmed that macOS 11.2 – Apple’s most recent version of the platform can act as a host to the potential attack.
cc @wdormann looping in US-CERT because MacOS (vanilla) / AIX / Solaris are also systems the sudo bug can be exploited under non-glibc systems that lack modern heap overflow protections. MacOS seems more difficult than other two due to checksum’s on the chunks.
— Hacker Fantastic (@hackerfantastic) February 2, 2021
It was previously reported that Apple will address the vulnerability with macOS Big Sur 11.2. However, it was not clear at that time and now it seems that sudo has been left untampered with. Hickey further states that the sudo bug can potentially give root access to macOS accounts to attackers. Apple has been notified of the vulnerability plaguing the macOS Big Sur system. The company will release a fix for the issue in the near future.
What are your views on the sudo bug? Share your insights with us in the comments.
The post Sudo Bug to Affect macOS Big Sur as it Grants Root Access to Attackers by Ali Salman appeared first on Wccftech.
Powered by WPeMatico