A vulnerability discovered last week that was originally thought to affect only Linux and BSD operating systems is now believed to impact macOS as well. The security vulnerability, identified as CVE-2021-3156, affects Sudo, an application used by administrators to grant root access to other users.
The sudo vulnerability was discovered by researchers at cybersecurity firm Qualys, who detailed how the bug could be used to conduct elevation-of-privilege attacks. By triggering a “heap overflow” in the application, it becomes possible to elevate the access of a low-privileged user to that of root. This can be done either by implanting malware on a device or by performing a brute force attack on a low privilege sudo account.
Now, UK security researcher Matthew Hickey has noted that the most recent version of macOS contains the Sudo app. He discovered that with a few minor changes, the CVE-2021-3156 vulnerability was effective on macOS devices.
Patched or not
Hickey’s findings have been independently verified by other security experts, but have not yet been followed up by Apple itself. Hickey said Apple was made aware of the issue but no fixes were included in the latest security update released earlier this week.
Qualys researchers have determined that the sudo vulnerability has been exploitable for over a decade, but attacks are much more likely to occur now that the flaw has been publicly disclosed. Fortunately, CVE-2021-3156 has been fixed for the operating systems that it was originally discovered to affect.
Users can also test if their system is vulnerable to the sudo vulnerability by running the command “sudoedit -s /”. If the system remains vulnerable, it will respond with an error message starting with “sudoedit:” while a patched system will respond with an error starting with “usage:”.
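The check described above can be wrapped in a small shell script so the verdict can be recorded per host. This is an added example, not code from the article or from Qualys; the function names, the `--live` switch and the sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: wraps the article's "sudoedit -s /" check.
# Function names and sample lines below are constructed for illustration.

# Map captured output to a verdict using the article's rule:
#   a line starting with "sudoedit:" -> vulnerable
#   a line starting with "usage:"    -> patched
# Matching is on the line prefix, so shell errors that merely mention
# sudoedit are not misread as a verdict.
classify_sudoedit_output() {
    while IFS= read -r line; do
        case "$line" in
            sudoedit:*) echo "vulnerable"; return 0 ;;
            usage:*)    echo "patched";    return 0 ;;
        esac
    done <<EOF
$1
EOF
    echo "unknown"
}

# Run the real check on this host. Both outcomes are error messages, so
# stdout and stderr are captured together and the exit status is ignored.
check_sudo_cve_2021_3156() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo "sudoedit-not-installed"
        return 0
    fi
    out=$(sudoedit -s / 2>&1) || true
    classify_sudoedit_output "$out"
}

if [ "${1:-}" = "--live" ]; then
    check_sudo_cve_2021_3156
else
    # Offline demonstration on constructed sample output.
    classify_sudoedit_output "sudoedit: /: not a regular file"
    classify_sudoedit_output "usage: sudoedit [options] file ..."
    classify_sudoedit_output "bash: sudoedit: command not found"
fi
```

Run it with `--live` as a non-root user to test the host itself; an `unknown` result means the output matched neither prefix and should be inspected by hand.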