A recently discovered heap-based buffer overflow vulnerability in Linux SUDO also impacts the latest version of Apple macOS Big Sur, with no patch available yet.
Last week, BleepingComputer had reported on CVE-2021-3156 aka Baron Samedit, a flaw in SUDO which lets local users gain root privileges.
Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the sudoers file, while at the same time keeping a log of their activity.
This helps limits the rights of standard users on an operating system by preventing them from executing high-risk commands and programs which may compromise the system’s security.
By exploiting Baron Samedit, standard non-root users on Linux, and now on macOS systems can execute applications with root privileges.
Sudo vulnerability impacts latest macOS version
This week, multiple security researchers have noticed that the sudo privilege escalation vulnerability CVE-2021-3156 also impacts the latest version of Apple macOS, Big Sur 11.2.
While the vulnerability was patched in multiple Linux distributions including Ubuntu, Debian, and Fedora, according to Qualys Research Team’s original blog disclosure, a fix is not yet available for macOS.
PoC exploits available in the wild
To demonstrate the claim, the researcher Matthew Hickey (Hacker Fantastic), the co-founder of Hacker House coded a simplistic Proof-of-Concept (PoC) exploit of under ten lines that can enable standard macOS users to elevate their privileges to root.
PoC exploits for the Baron Samedit vulnerability have also been published for Ubuntu and other Linux distributions.
IBM AIX Unix distros also remain vulnerable to Baron Samedit.
Hickey told BleepingComputer he had reported the vulnerability to Apple but that the vulnerability remains exploitable even in the most recent macOS Big Sur version 11.2.
No patch is yet available for macOS users, and it remains possible to trigger the vulnerability across multiple system architectures, including aarch64 and x86_64.
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.
Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/
UK +44 20 8089 9944