Apple fixes sudo root bug CVE-2021-3156

Remember CVE-2021-3156, the vulnerability affecting the entire Linux ecosystem and macOS?

Apple Just Released a Fix for CVE-2021-3156

A successful exploit could allow unprivileged users to obtain root privileges on the vulnerable host. Qualys, the company that reported the flaw, independently verified it and developed multiple exploit variants to obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2).

A couple of weeks later, it turned out that Macs running the latest version of Big Sur, 11.2, were also prone to the exploit. Apple didn’t have a fix for the bug until yesterday.

Fortunately, Apple has already released a patch for the critical sudo bug in macOS Big Sur, Catalina, and Mojave. The flaw could enable unauthenticated local users to obtain root-level privileges on the affected system.

Two Other Apple Bugs Also Patched

Apple also included fixes for two other security flaws in the Intel Graphics Driver:

  • CVE-2021-1805 – “An out-of-bounds write was addressed with improved input validation,” Apple said. The vulnerability is fixed in macOS Big Sur 11.2, macOS Catalina 10.15.7. The vulnerability could enable arbitrary code execution with kernel privileges.
  • CVE-2021-1806 – “A race condition was addressed with additional validation,” according to the advisory. The vulnerability is fixed in macOS Big Sur 11.2, macOS Catalina 10.15.7. The vulnerability could also enable arbitrary code execution with kernel privileges.

If you haven’t opted for automatic updates, you can go to the Apple menu, select System Preferences, and click Software Update. This will download and install the latest security patches.

Apple Was “Pwned” at a Chinese Hacking Contest Earlier This Year

Did you know?
Apple was one of the companies pwned at the Tianfu Cup hacking contest, China’s biggest hacking competition. In this year’s edition, several tech giants were “pwned”, including names like Microsoft, Samsung, VMware, Google, and Apple.

The organizers confirmed successful exploits, some of which were completely new, against software such as iOS 14 running on an iPhone 11 Pro and Windows 10 v2004 (April 2020 edition).

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!