Remember CVE-2021-3156, the vulnerability affecting the entire Linux ecosystem and macOS?
Apple Just Released a Fix for CVE-2021-3156
A successful exploit scenario could allow unprivileged users to obtain root privileges on the vulnerable host. Qualys, the company that reported the flaw, indepently verified it and developed multiple variants of exploit to obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2).
A couple of weeks later, it turned out that Macs running the latest version of Big Sur, 11.2, were also prone to the exploit. Apple didn’t have a fix for the bug until yesterday.
Fortunately, Apple has already released a patch for the critical sudo bug in macOS Big Sur, Catalina, and Mojave. The flaw could enable unauthenticated local users to obtain root-level privileges on the affected system.
Two Other Apple Bugs Also Patched
Apple also included fixes for two other security flaws in Intel Graphics Driver:
- CVE-2021-1805 – “An out-of-bounds write was addressed with improved input validation,” Apple said. The vulnerability is fixed in macOS Big Sur 11.2, macOS Catalina 10.15.7. The vulnerability could enable arbitrary code execution with kernel privileges.
– “A race condition was addressed with additional validation,” according to the advisory. The vulnerability is fixed in macOS Big Sur 11.2, macOS Catalina 10.15.7. The vulnerability could also enable arbitrary code execution with kernel privileges.
If you haven’t opted for automatic updates, you can go Apple menu, select System Preferences, and click Software Update. This way, you will download and install the latest patches needed for your security.
Apple Was “Pwned” at a Chinese Hacking Content Earlier This Year
Did you know?
Apple was one of the companies, pwned at Tianfu Cup hacking contest, China’s biggest hacking competition. In this year’s edition, several tech-giants were “pwned”, including names like Microsoft, Samsung, VMWare, Google, and Apple.
The organizers confirmed successful exploits, some of which completely new, against software such as iOS 14 running on an iPhone 11 Pro and Windows 10 v2004 (April 2020 edition).
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.
Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/
UK +44 20 8089 9944